EUVD-2024-43359

Malicious code in bioql PyPI...

CVE-2024-49293

Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4...

CVE-2024-6072

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2024-14056 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: ZKTeco BioTime versions 8.5.4 and earlier Description: An issue in the software allows a remote attacker to obtain sensitive information. Recommendations: For ZKTeco BioTime versions 8.5.4 and earlier, update to a version later than 8.5.4 to...

PT-2023-6145 · Fortinet · Fortiwlm

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.5.0 through 8.5.4 Fortinet FortiWLM versions 8.6.0 through 8.6.5 Description: The issue exists due to improper neutralization of special elements used in an operating system command, allowing for os command...

Atlassian Jira 7.0.6 < 8.5.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.6 prior to 8.5.4 or 8.6.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which permits remote attackers to achieve Denial of Service via a...

Design/Logic Flaw

An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords...

ZKTeco ZKBio Time 访问控制错误漏洞

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBio Time version 8.5.4, which stems from a lack of authentication of folders containing employee photos...

Sql injection

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

CVE-2021-2069

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...

CVE-2021-2066

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...

CVE-2021-2067

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside...

Unspecified Vulnerability in Oracle Outside In Technology (CNVD-2021-07109)

Oracle Outside In Technology is a software development kit SDK that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. A security vulnerability exists in the Outside In Filters...

Oracle Fusion Middleware 授权问题漏洞

Oracle Outside In Technology is a software development kit SDK that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. A security vulnerability exists in the Outside In Filters...

Authentication flaw

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1...

CVE-2019-20897

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1...

Cross site scripting

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7....

CVE-2020-14173

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7....

CVE-2020-2786

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVE-2020-2783

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...