484 matches found
CVE-2020-21431
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit...
CVE-2020-1381
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1382...
CVE-2014-9022
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form...
CVE-2013-3840
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services...
CVE-2015-7342
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field...
CVE-2019-8136
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...
CVE-2019-10244
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service not part of the device distribution could potentially be target of XXE attack due to an improper factory and parser initialisation...
PT-2025-19806 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin topic.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin topic.php component...
The vulnerability of the jfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the jfs component in the Linux operating system’s kernel involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the OBN component of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of authenticity verification for a critical function. This allows attackers to circumvent existing security restrictions.
The vulnerability of the OBN component in the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of authenticity verification for a critical function. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...
CVE-2024-6875
CVE-2024-6875 concerns Infinispan in Red Hat Data Grid. The REST /compare API may leak buffers, enabling continual high-volume POST requests to trigger a buffer leak and an OutOfMemoryError. Documents consistently describe the REST API surface and the memory exhaustion risk, with no explicit fixe...
PT-2025-11709 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: emlog pro versions 2.5.0 through 2.5. Description: An arbitrary file upload vulnerability in the component /admin/template.php allows attackers to execute arbitrary code via uploading a crafted PHP file. The vulnerability is exploited through...
CVE-2025-25474
A flaw was found in DCMTK. This vulnerability allows an attacker to cause unexpected behaviour via a buffer overflow in the diinpxt.h file...
The vulnerability of the md component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the md component in the Linux operating system’s kernel is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...
The vulnerability of the General component in Oracle Application Express development environment allows a attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the General component in Oracle Application Express development relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to influence the confidentiality and integrity of protected information through HTTP requests...
The vulnerability of the Security component of the Oracle Communications Order and Service Management system allows a perpetrator to gain read, modify, add, or delete access to data, or cause a partial service disruption.
The vulnerability of the Security component of the Oracle Communications Order and Service Management system is related to a data source validation error. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read, modify, add, or delete access to data, or cause a parti...
CVE-2024-4941
A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSON. If the parsed JSON...
The vulnerability of the parisc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the parisc component in the Linux operating system’s kernel is related to a NULL pointer dereferencing error. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Frames component in Google Chrome and Microsoft Edge allows attackers to bypass existing security restrictions and perform substitution attacks on user interfaces.
The vulnerability of the Frames component in Google Chrome and Microsoft Edge involves bypassing authentication through spoofing. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the user interface with a specially created HTML page...