Lucene search
K

15 matches found

CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.17 views

PT-2026-37905

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS6.7AI score0.02298EPSS
Exploits0References7
CVE
CVE
added 2026/01/20 3:25 a.m.18 views

CVE-2025-14798

CVE-2025-14798 : LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthenticated Sensitive Information Disclosure via REST API (via get_item_permissions_check). Affected versions: up to 4.3.2.4. Impact per sources: exposure of user first/last names, social profile links, enrollme...

5.3CVSS5.5AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.14 views

PT-2026-34076

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26 Oracle GraalVM for JDK versions 17.0.18, 21.0.10 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Security component allow...

2.9CVSS7.7AI score0.00124EPSS
Exploits0References175
AlpineLinux
AlpineLinux
added 2025/12/10 4:50 p.m.6 views

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

8CVSS6.1AI score0.00257EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-53057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...

5.9CVSS6.5AI score0.00487EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-25390

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.00296EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/21 9:9 a.m.12 views

openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.00611EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/04/30 7:52 a.m.5 views

WordPress Subway – Private Site Option plugin <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API vulnerability

Improper Access Control to Sensitive Information Exposure via REST API vulnerability discovered by Francesco Carlucci in WordPress Plugin Subway – Private Site Option versions = 2.1.4...

5.3CVSS6.8AI score0.00448EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.7 views

PT-2024-18066 · WordPress · Maintenance Page

Name of the Vulnerable Software and Affected Versions: Maintenance Page plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to view post titles and content when the site is in maintenance mode, due to Basic Information Exposure via the...

5.3CVSS9.6AI score0.0053EPSS
Exploits0References4
OSV
OSV
added 2024/03/05 2:15 a.m.5 views

CVE-2024-1478

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

5.3CVSS7.3AI score0.00532EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.4 views

e-Excellence U-Office Force 安全漏洞

e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. A security vulnerability exists in e-Excellence U-Office Force, which can be exploited to obtain part of the system information from an error message returned by the web service by sending specif...

5.3CVSS5.7AI score0.00479EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/07/14 12:0 a.m.12 views

PT-2020-3454

Name of the Vulnerable Software and Affected Versions Java SE versions 7u261, 8u251, 11.0.7, 14.0.1 Java SE Embedded version 8u251 Description The issue is related to the JAXP component and is caused by inadequate access control. It allows an unauthenticated attacker with network access via...

5.3CVSS7.2AI score0.04315EPSS
Exploits0References344
RedHat Linux
RedHat Linux
added 2020/01/07 6:24 p.m.3 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS7.4AI score0.03749EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.7 views

The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.

The vulnerability of the REST API interface of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...

3.5CVSS5.7AI score0.0135EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder