CVE-2026-35154

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially...

CVE-2026-35154

Dell PowerProtect Data Domain appliances (versions 7.7.1.0–8.7.0.0; LTS2025 8.3.1.0–8.3.1.20; LTS2024 7.13.1.0–7.13.1.60) contain an improper privilege management vulnerability in IDRAC. The issue could allow a highly privileged, local attacker to elevate privileges and perform unauthorized delet...

PT-2026-33397

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 2.0.0 HashiCorp Vault Enterprise versions prior to 1.19.16 HashiCorp Vault Enterprise versions prior to 1.20.10 HashiCorp Vault Enterprise versions prior to 2.0.0 Description An authenticated...

CVE-2026-2312

The Media Library Folders plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.3.6 via the deletemaxgalleriamedia and maxgalleriarenameimage functions due to missing validation on a user controlled key. This makes it possible for...

CVE-2025-12574

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

ClassroomIO.com 安全漏洞

ClassroomIO.com is an educational platform open-sourced by ClassroomIO. A security vulnerability exists in ClassroomIO.com version 0.1.13 that stems from the ability of a student account to delete a course without authorization or authentication, potentially resulting in the bypassing of intended...

Improper Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID...

EUVD-2025-35273

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: PIA Core Technology. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2025-30290

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to bypass security...

mysql: Privilege Misuse in MySQL Server Security Component

A flaw was found in MySQL Server component: Security: Privileges. This issue can allow unauthorized update, insert, or delete access to MySQL Server data and unauthorized read access to a subset of data via multiple protocols...

Amazon Linux 2023 : mariadb105, mariadb105-backup, mariadb105-common (ALAS2023-2024-698)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-698 advisory. MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fixfieldsifneeded under...

CVE-2024-20930

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK. The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network...

Oracle MySQL 安全漏洞

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to MySQL Server accessible data...

SUSE CVE-2017-10241

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2022-33937

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive...

PT-2022-6159 · Dell · Dell Geodrive

Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions 1.0 through 2.2 Description: The issue concerns a Path Traversal Vulnerability in the reporting function of Dell GeoDrive. This vulnerability could allow a local, low-privileged attacker to gain unauthorized delete acce...

PT-2022-3786 · Oracle +8 · Oracle Mysql Server +8

Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.29 and prior Description: The issue is related to the InnoDB component of Oracle MySQL Server and is associated with access control weaknesses. It allows a low-privileged attacker with network access via...

Oracle Communications 安全漏洞

Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation.A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...

Oracle E-Business Suite和Oracle Applications Manager 安全漏洞

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. An unspecified vulnerability exists in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker could use this...