PT-2022-13802 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...
Red Lion DA50N
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials 2...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to read, modify, add, or delete data, or to cause a partial service disruption.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to gain read access to data, modify, add, or delet...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify, add...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data o...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to read or modify data.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data o...
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor system allows a perpetrator to gain access to read or modify data.
The vulnerability of the Mediation Engine component of the Oracle Communications Operations Monitor visualization and monitoring system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data...
The vulnerability of the WebUI component of the Oracle Enterprise Session Border Controller allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Oracle Enterprise Session Border Controller’s WebUI component exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to remotely gain access to modify, add, or delete data through HTTP requests...
VulnCheck KEV: CVE-2022-1329
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious...
The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data, or to cause a service failure using t...
CVE-2022-27958
Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allow attackers to access and arbitrarily modify users' personal information...
The vulnerability of the Samples component of the Oracle WebLogic Server application server allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Samples component of the Oracle WebLogic Server application server exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read data or modify data through HTTP requests...
The vulnerability of the Policy Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain read, modify, add, or delete access to data.
The vulnerability of the Policy Framework component of the Enterprise Manager Base Platform is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain access to read, modify, add, or delete data...
The vulnerability of the GL Accounts component of the Oracle Trade Management business platform allows a hacker to gain read, modify, add, or delete access to data.
The vulnerability of the GL Accounts component of the Oracle Trade Management business platform is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data using the HTTP protocol...
The vulnerability of the UI Servlet component of the Oracle Configurator allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the UI Servlet component of the Oracle Configurator relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain access to read, modify, add, or delete data using the HTTP protocol over the network...
The vulnerability of the Web API component of the Primavera Portfolio Management software allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Web API component of Primavera Portfolio Management software relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using network HTTP protoco...
The vulnerability of the Expenses component in the Oracle Project Costing calculation service’s CurrencyOverride feature allows a malicious actor to gain unauthorized access to create, modify, or delete data.
The vulnerability of the Expenses component in the Oracle Project Costing calculation service’s CurrencyOverride feature is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to create, modify, o...
The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to read, modify, or delete data, or to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data, or to cause service failures using...
IBM Security Verify Access Input Validation Error Vulnerability
IBM Security Verify Access ISAM is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...
CVE-2022-22311
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens...