The vulnerability of the web interface of the firmware in VMware SD-WAN Edge devices allows a hacker to bypass security restrictions and gain access to read, modify, or delete data.
The vulnerability of the web interface of the firmware in VMware SD-WAN Edge devices is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain read, modify, or delete access to data by downloading the...
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or to modify, add, or delete...
The vulnerability of the UI and visualization components of the Oracle Hyperion Workspace application allows a malicious individual to gain unauthorized access to protected information. This access enables them to modify, add, or delete data, or cause service interruptions.
The vulnerability of the UI and visualization components of the Oracle Hyperion Workspace reporting application relates to insecure management of privileges. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information, to modify, add, or delete data,...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to disclose protected information or gain access to modify, add, or delete data.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disclose protected information or gain access to modify, add, or delete data...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to gain access to modify, add, or delete data, or to cause a service failure.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data, or cause service interruptions...
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an attacker to gain access to modify, add, or delete data, or to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data, or cause service failures...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...
CVE-2020-21881
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add...
OpenJDK: missing string checks for NULL characters (8296622)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to explo...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves errors in processing input data. Exploiting this vulnerability can allow an attacker to gain read access to data and modify it...
CVE-2023-3957
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2023-3956
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
Design/Logic Flaw
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
CVE-2023-3956 InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactivation via events_receiver
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
CVE-2023-3956
CVE-2023-3956 affects the InstaWP Connect WordPress plugin (versions up to and including 0.0.9.18). The vulnerability stems from a missing capability check in the events_receiver function, enabling unauthenticated attackers to add, modify, or delete posts and taxonomies, install/activate/deactiva...
WordPress plugin InstaWP Connect security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin ACF Photo Gallery Field authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin ACF Photo Gallery...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
PT-2023-32949 · Folio · Mod-Data-Export-Spring
Name of the Vulnerable Software and Affected Versions: FOLIO mod-data-export-spring versions before 1.5.4; FOLIO mod-data-export-spring versions from 2.0.0 to 2.0.2. Description: The issue concerns hard-coded credentials in the mod-data-export-spring module, allowing unauthenticated users to access...