216 matches found
EUVD-2023-28522
Malicious code in bioql PyPI...
EUVD-2024-18864
Malicious code in bioql PyPI...
EUVD-2023-24045
Malicious code in bioql PyPI...
EUVD-2025-21531
Malicious code in bioql PyPI...
SUSE-SU-2025:03276-1 Security update for mariadb
This update for mariadb fixes the following issues: Update to version 10.6.23. Security issues fixed: - CVE-2025-21490: InnoDB issue allows high privileged attacker with network access to cause a hang or frequently repeatable crash of MySQL Server bsc1243356. - CVE-2025-30693: InnoDB issue allows...
CVE-2025-8425
CVE-2025-8425 affects the WordPress plugin My WP Translate (versions
CVE-2025-8425 My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaximportstrings function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with...
CVE-2025-7221 GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the giveupdatepaymentstatus function in all versions up to, and including, 4.5.0. This makes it possible for authenticated attackers,...
CVE-2025-31961 HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...
CVE-2025-21544
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...
CVE-2024-11851
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...
CVE-2023-1335
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucssconnect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...
CVE-2021-2008
Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager component: FMW Control Plugin. The supported version that is affected are 11.1.1.9 and 12.2.1.3 Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2025-1687
The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'updateuserprofile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forg...
mysql: Privilege Misuse in MySQL Server Security Component
A flaw was found in MySQL Server component: Security: Privileges. This issue can allow unauthorized update, insert, or delete access to MySQL Server data and unauthorized read access to a subset of data via multiple protocols...
mysql: Privilege Misuse in MySQL Server Security Component
A flaw was found in MySQL Server component: Security: Privileges. This issue can allow unauthorized update, insert, or delete access to MySQL Server data and unauthorized read access to a subset of data via multiple protocols...
PT-2025-6546 · WordPress · Team Members Showcase Plugin
Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...
CVE-2020-2827
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Print Server. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...
CVE-2025-21558
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged...
CVE-2025-21544
Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...