Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Product Hub versions 12.2.3...

PT-2025-42951

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 8.0.0 through 8.0.43 Oracle MySQL versions 8.4.0 through 8.4.6 Oracle MySQL versions 9.0.0 through 9.4.0 Description A flaw exists in the InnoDB component of Oracle MySQL Server. A high-privileged attacker with network...

PT-2025-42933

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9 through 8.0.8.7 Oracle Financial Services Analytical Applications Infrastructure version 8.1.2.5 Description An easily exploitable issue exists in the Oracle...

Work Examiner Professional 安全漏洞

Work Examiner Professional is an employee computer monitoring software from Work Examiner USA. A security vulnerability exists in Work Examiner Professional that stems from the use of weakly hard-coded credentials by the FTP server, which could lead to data modification or reading and remote code...

Oracle JD Edwards 安全漏洞

Oracle JD Edwards is a fully integrated suite of Enterprise Resource Planning ERP applications from Oracle Corporation USA. The product offers application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD Edwards' JD...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities.PeopleSoft Enterprise PeopleTools is one of the tools and...

Oracle MySQL 安全漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation USA. A security vulnerability exists in Oracle MySQL for MySQL Server versions 8.0.0 through 8.0.43, 8.4.0 through 8.4.6, and 9.0.0 through 9.4.0, which originates from a network access by an attacker wit...

WordPress Felan Framework plugin unauthorized data modification vulnerability

The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...

Oracle E-Business Suite 安全漏洞

Oracle E-Business Suite is a suite of fully integrated global business management software from Oracle Corporation USA. The software provides customer relationship management, service management, financial management, etc. Applications Manager is one of the components used to monitor the...

Object-Relational Mapping (ORM) Leak

An Object-Relational Mapping ORM Leak vulnerability occurs when an application does not properly control how user-provided data is passed to the ORM. An attacker can exploit this by manipulating input parameters to query fields that are not intended to be exposed. This can lead to the disclosure ...

Oracle JD Edwards 安全漏洞

Oracle JD Edwards is a fully integrated suite of Enterprise Resource Planning ERP applications from Oracle Corporation USA. The product offers application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD Edwards' JD...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other capabilities. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...

WordPress Library Management System plugin unauthorized data modification vulnerability

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

EUVD-2025-34984

The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to upload limited safe files and erase conversatio...

CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

CVE-2025-11372

CVE-2025-11372 affects the LearnPress – WordPress LMS Plugin (WordPress) up to and including version 4.2.9.3. The root cause is missing capability checks on Admin Tools REST endpoints, with permission_callback set to __return_true, enabling unauthenticated attackers to perform destructive databas...

WordPress plugin ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

VulnCheck KEV: CVE-2025-11372

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

WordPress plugin FileBird 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An authorizati...

CVE-2025-10849

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...