42 matches found
mysql: InnoDB unspecified vulnerability (CPU Jul 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-3089
ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading...
CVE-2025-3089 Broken Access Control in ServiceNow AI Platform
ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading...
CVE-2025-3089
CVE-2025-3089 affects ServiceNow AI Platform. The vulnerability is a Broken Access Control issue that could let a low-privilege user bypass access controls and perform a limited set of higher-privilege actions, potentially leading to unauthorized data modifications. ServiceNow reports that patche...
PT-2025-32683 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow affected versions not specified Description: A Broken Access Control vulnerability was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform actions...
Oracle E-Business Suite 跨站请求伪造漏洞
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Applications Framework versions...
Oracle MySQL 访问控制错误漏洞
Oracle MySQL is an open source relational database management system.MySQL Client is a MySQL client, a program used to communicate with a server to process information in a database managed by the server. An access control error vulnerability in Oracle MySQL's MySQL Client versions 8.0.0 through...
Oracle Java SE Unknown Vulnerability (Apr 2025) - Linux
Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-27431 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting XSS. This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or...
CVE-2025-27431
CVE-2025-27431 affects SAP NetWeaver Application Server Java. The vulnerability is a Stored Cross-Site Scripting (XSS) in the user management functionality, allowing stored payloads that execute in a victim’s browser and potentially lead to information disclosure or unauthorized data modification...
PT-2024-4894 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product within...
Apache Airflow Security Bypass Vulnerability (CNVD-2024-0101523)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions prior to 2.8.0,...
mysql: Server: Options unspecified vulnerability (CPU Oct 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Oracle Linux 8 : java-17-openjdk (ELSA-2022-5726)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5726 advisory. 1:17.0.4.0.8-0.2.ea - Add rpminspect.yaml to turn off Java bytecode inspections - java-17-openjdk deliberately produces Java 17 bytecode, not the defau...
CVE-2021-34395
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...
Design/Logic Flaw
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2020-41747)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. MySQL Server 8.0.20 and prior versions of Server in Oracle MySQL: Security: A security vulnerability exists in the Roles component. An attacker can...
Unspecified Vulnerability in Oracle Hospitality Applications (CNVD-2020-17126)
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle. The product offers features such as human resource cost management, tracking and management of services throughout a customer's journey to improve customer...
CVE-2019-8988
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data...
CVE-2017-10050
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: WebConnect. Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...