PT-2026-37979

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow contain security vulnerabilities. These vulnerabilities allow any user to access the flowid, read other users’ transacti...

CVE-2026-34324

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVE-2026-34283

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

ROS-20260216-73-0032

A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...

CVE-2026-2094 Flowring｜Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

CVE-2025-62287

Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications component: Web Server. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Science...

EUVD-2025-33717

An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::deletemem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end ABEND, and arbitrary code execution...

Linux Distros Unpatched Vulnerability : CVE-2023-21971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.32 and prior. Difficult to...

CVE-2025-21489

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Core for Oracle Database Server. An attacker coul...

CVE-2024-6422

CVE-2024-6422 affects Pepperl+Fuchs OIT-series devices (e.g., OIT1500-F113-B12-CB, OIT200-F113-B12-CB, OIT500-F113-B12-CB, OIT700-F113-B12-CB) and is caused by an unauthenticated Telnet-enabled access control error that allows a remote attacker to manipulate the device, stop processes, and read/d...

CVE-2024-27630

Insecure Direct Object Reference IDOR in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackersdatadeletefile function...

PT-2024-21978

Name of the Vulnerable Software and Affected Versions: GNU Savane versions 3.12 and earlier Description: The issue allows a remote attacker to delete arbitrary files via crafted input to the trackers data delete file function. This is due to an Insecure Direct Object Reference IDOR in the softwar...

JFinalCMS SQL注入漏洞

JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...

Design/Logic Flaw

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVE-2023-21992

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Administer Workforce. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17693)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to corrupt or delete data...