15 matches found
Oracle REST Data Services 安全漏洞
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
PT-2026-37905
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
CVE-2025-14798
CVE-2025-14798 : LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...
PT-2026-34076
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Security component allow...
CVE-2025-67641
Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...
Linux Distros Unpatched Vulnerability : CVE-2025-53057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...
EUVD-2025-25390
Malicious code in bioql PyPI...
openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...
WordPress Subway – Private Site Option plugin <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API vulnerability
Improper Access Control to Sensitive Information Exposure via REST API vulnerability discovered by Francesco Carlucci in WordPress Plugin Subway – Private Site Option versions = 2.1.4...
PT-2024-18066 · WordPress · Maintenance Page
Name of the Vulnerable Software and Affected Versions: Maintenance Page plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to view post titles and content when the site is in maintenance mode, due to Basic Information Exposure via the...
CVE-2024-1478
The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...
e-Excellence U-Office Force 安全漏洞
e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. A security vulnerability exists in e-Excellence U-Office Force, which can be exploited to obtain part of the system information from an error message returned by the web service by sending specif...
PT-2020-3454
Name of the Vulnerable Software and Affected Versions Java SE versions 7u261, 8u251, 11.0.7, 14.0.1 Java SE Embedded version 8u251 Description The issue is related to the JAXP component and is caused by inadequate access control. It allows an unauthenticated attacker with network access via...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the REST API interface of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...