10512 matches found
The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Networking component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the ability to bypass authentication through phishing techniques. Exploiting this vulnerability can allow an attacker, operating remotely, t...
Exploit for CVE-2023-3124
CVE-2023-3124 CVE-2023-3124 Proof of Concept This is a proof...
Advisory ROSA-SA-2023-2227
software: buildah 1.30.0 AXIS: ROSA-CHROME packageevrstring: buildah-1.30.0-2.src.rpm CVE-ID: CVE-2022-27651 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There was a bug in the build that caused containers to incorrectly start with non-empty default permissions. A bug was discovered in Moby Docker...
The vulnerability of the Security component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Security component of Oracle Java SE and the Oracle GraalVM Enterprise Edition software lies in a rounding error. Exploiting this vulnerability can allow an attacker to gain access to data, enabling them to modify, add, or delete data remotely...
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data remotely...
CVE-2023-2174
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-2174
The CVE-2023-2174 entry concerns the BadgeOS WordPress plugin. A missing capability check in the function delete_badgeos_log_entries allows authenticated users with subscriber-level permissions and above to modify the plugin’s data by deleting log entries. This affects BadgeOS versions up to and ...
WordPress plugin BadgeOS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-18342 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by deleting the plugin's log entries due to a missing...
The vulnerability of the Log Viewer component of the SAP NetWeaver AS for Java software platform allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the Log Viewer component of the SAP NetWeaver AS for Java software platform is related to incorrect processing of data written to registration logs. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, or delete data by...
OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...
CVE-2023-4600
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...
Design/Logic Flaw
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...
CVE-2023-4600
AffiliateWP for WordPress (CVE-2023-4600) is affected up to version 2.14.0 and can be exploited by authenticated users with subscriber-level access to activate arbitrary plugins due to a missing capability check in affwp_activate_addons_page_plugin invoked via AJAX. Evidence from multiple sources...
PT-2023-29786 · WordPress · Affiliatewp
Name of the Vulnerable Software and Affected Versions: AffiliateWP for WordPress versions up to, and including, 2.14.0 Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability check on the affwp...
CVE-2023-33852
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614...
CVE-2023-37433
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
CVE-2023-37436
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...