17 matches found
WordPress All-in-One Video Gallery plugin <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability
Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion vulnerability discovered by andrea bocchetti in WordPress Plugin All-in-One Video Gallery versions = 4.6.4...
PT-2025-53053
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the RDMA/irdma component of the Linux kernel related to PBLE Persistent Binding List Entry objects. When the irdma module is removed, the memory allocated for the...
CVE-2025-14162
CVE-2025-14162 affects the BMLT WordPress Plugin (
CVE-2023-21934
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows low privileged attacker having User Account privilege with network access via TLS to compromise Java VM. Successful attacks of this...
PT-2025-12365
Name of the Vulnerable Software and Affected Versions kcp versions prior to 0.26.3 Description The issue allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources, even if there is no APIBinding in that workspace or the...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in Oracle Site Hub versions 12.2.3 throu...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business...
MQTT 跨站请求伪造漏洞
MQTT Message Queuing Telemetry Transport is an ISO standard ISO/IEC PRF 20922 based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...
The vulnerability of the iControl REST API for BIG-IP application protection interfaces allows a attacker to execute arbitrary commands, disable arbitrary services, and create or delete arbitrary files.
The vulnerability of the iControl REST API for BIG-IP application protection interfaces is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, disable arbitrary services, and create or delete arbitrary file...
Oracle MySQL 输入验证错误漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...
CVE-2021-34594
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system...
Unspecified Vulnerability in Oracle Outside In Technology (CNVD-2021-07111)
Oracle Outside In Technology is a software development kit SDK that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. A security vulnerability exists in the Outside In Filters...
Rumpus FTP Server Web File Manager Cross-Site Request Forgery Vulnerability
Rumpus FTP Server is an Internet file transfer solution for the Mac platform. A cross-site request forgery vulnerability exists in the Create/Delete Account feature of Web File Manager in Rumpus FTP Server version 8.2.9.1. The vulnerability stems from the WEB application not adequately verifying...
CVE-2019-11993
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...
ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...
WordPress plugin 'FormCraft' cross-site request forgery vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin 'FormCraft'. If a user logs into the WordPress admi...
Lynxspring JENEsys BAS Bridge Cross-Site Request Forgery Vulnerability
Lynxspring is a US based company.BAS Bridge is a web based SCADA system.BAS servers are deployed in areas such as commercial facilities, manufacturing, energy, water and wastewater systems and many more. A cross-site request forgery vulnerability exists in Lynxspring JENEsys BAS Bridge. Due to th...