10515 matches found
WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization
Description The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update...
PT-2024-17942 · WordPress · The Directorist: Ai-Powered Wordpress Business Directory Plugin With Classified Ads Listings
Name of the Vulnerable Software and Affected Versions: The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress versions up to, and including, 7.8.4 Description: The issue allows unauthorized modification of data due to a missing capability check on...
OpenJDK: IOR deserialization issue in CORBA (8303384)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
GHSA-47G3-MF24-6559 Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...
CVE-2024-20980
Vulnerability in the Oracle BI Publisher product of Oracle Analytics component: Web Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful...
CVE-2024-20956
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Installation. Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2024-20943
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge...
CVE-2024-20935
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Engineering Change Order. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed...
CVE-2024-20929
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: DB Privileges. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applicati...
DEBIAN-CVE-2024-20919
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
UBUNTU-CVE-2024-20919
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
CVE-2024-20919
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...
UBUNTU-CVE-2024-20925
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...
CVE-2024-21915
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform FTSP. If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
CVE-2023-4537
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
Design/Logic Flaw
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
CVE-2023-4537 Protocol Downgrade in Comarch ERP XL
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
CVE-2023-4537 Protocol Downgrade in Comarch ERP XL
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2...
CVE-2023-4537
CVE-2023-4537 affects Comarch ERP XL client (ERP XL: 2020.2.2–2023.2). The issue is a server‑side MS SQL protocol downgrade that can lead to unencrypted communication vulnerable to data interception and modification. The available documents confirm the affected software and the root cause (downgr...
EBM Technologies RISWEB SQL Injection Vulnerability
EBM Technologies RISWEB is an application from China-based EBM Technologies EBM Technologies. EBM Technologies RISWEB suffers from a SQL injection vulnerability that stems from not properly restricting user input. A remote attacker can inject SQL commands without authentication to be able to read...