
65 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. | 10 views

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

CVSS 9.9 | AI score 6.2 | EPSS 0.00501
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 14 views

PT-2026-37979

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

CVSS 5.3 | AI score 5.8 | EPSS 0.00888
Exploits: 0 | References: 7

CNNVD
added 2026/04/30 12:0 a.m. | 8 views

IBM Langflow Security Vulnerability

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines (IBM). Versions 1.0.0 to 1.8.4 of IBM Langflow contain security vulnerabilities. These vulnerabilities allow any user to access the flowid, read other users’ transacti...

CVSS 8.1 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1

NVD
added 2026/04/21 9:16 p.m. | 5 views

CVE-2026-34324

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVSS 6.5 | EPSS 0.00202
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/21 8:35 p.m. | 3 views

CVE-2026-34283

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 6.1 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2 | Affected Software: 1

Redos
added 2026/02/16 12:0 a.m. | 7 views

ROS-20260216-73-0032

A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...

CVSS 6.1 | AI score 5.6 | EPSS 0.00261
Exploits: 1

Vulnrichment
added 2026/02/10 6:47 a.m. | 4 views

CVE-2026-2094 Flowring|Docpedia - SQL Injection

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 | AI score 6.3 | EPSS 0.00319
Exploits: 0 | References: 2

NVD
added 2025/11/10 3:15 a.m. | 3 views

CVE-2025-12865

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing an authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 | EPSS 0.00314
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/22 8:18 p.m. | 3 views

CVE-2025-61762

Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft component: Payables. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables...

CVSS 6.3 | AI score 5.7 | EPSS 0.00183
Exploits: 0 | References: 1

OSV
added 2025/10/21 8:20 p.m. | 6 views

CVE-2025-62287

Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications component: Web Server. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Science...

CVSS 6.1 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 1

EUVD
added 2025/10/10 11:0 a.m. | 3 views

EUVD-2025-33717

An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::deletemem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution...

CVSS 8.4 | AI score 7.1 | EPSS 0.00153
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/20 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-21971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.32 and prior. Difficult to...

CVSS 5.3 | AI score 5.5 | EPSS 0.01286
Exploits: 1 | References: 2

OSV
added 2025/01/21 9:15 p.m. | 1 views

CVE-2025-21489

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Region Mapping. Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advance...

CVSS 6.1 | AI score 7.3 | EPSS 0.00195
Exploits: 0 | References: 1

BDU FSTEC
added 2025/01/10 12:0 a.m. | 3 views

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.

The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...

CVSS 6.4 | AI score 7.4 | EPSS 0.00249
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2025/01/09 12:0 a.m. | 5 views

The vulnerability of the Gogs software interface allows a hacker to gain access to read, modify, or delete data.

The vulnerability of the Gogs Git repository creation software interface is related to errors in handling symbolic links. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to read, modify, or delete data...

CVSS 9 | AI score 5.5 | EPSS 0.00823
Exploits: 1 | References: 5 | Affected Software: 1

BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of the tracefs file system in the Linux operating system allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the tracefs file system in the Linux operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...

CVSS 4.4 | AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 18 | Affected Software: 4

CNNVD
added 2024/10/15 12:0 a.m. | 2 views

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Core for Oracle Database Server. An attacker coul...

CVSS 4.3 | AI score 7.8 | EPSS 0.00411
Exploits: 0 | References: 2

BDU FSTEC
added 2024/08/16 12:0 a.m. | 4 views

The vulnerability of the Personalization component of the Oracle Applications Framework, a web application development platform, within the Oracle E-Business Suite, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Personalization component of the Oracle Applications Framework, a platform for developing web applications in enterprise automation systems within the Oracle E-Business Suite, is related to improper authentication. Exploiting this vulnerability allows an attacker to gain...

CVSS 5.5 | AI score 7.4 | EPSS 0.00295
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2024/07/10 7:37 a.m. | 78 views

CVE-2024-6422

CVE-2024-6422 affects Pepperl+Fuchs OIT-series devices (e.g., OIT1500-F113-B12-CB, OIT200-F113-B12-CB, OIT500-F113-B12-CB, OIT700-F113-B12-CB) and is caused by an unauthenticated Telnet-enabled access control error that allows a remote attacker to manipulate the device, stop processes, and read/d...

CVSS 9.8 | AI score 9.6 | EPSS 0.00581
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/04/08 9:15 p.m. | 4 views

CVE-2024-27630

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function...

CVSS 7.5 | AI score 5.9 | EPSS 0.00819
Exploits: 1 | References: 2