11 matches found
EUVD-2026-19858
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifier...
CVE-2026-39346 OrangeHRM has Improper Access Control Allowing Access to Disabled Modules via URL Encoding
OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...
CVE-2026-33155 DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFETOIMPORT have...
Vocera Report Server 路径遍历漏洞
Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the fact that the Vocera...
Vocera Report Server 代码问题漏洞
Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by the Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the BaseController...
CVE-2019-2433
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: XML Publisher. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...
Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CNVD-2019-28456)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...
CVE-2017-13210
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is n...
DEBIAN-CVE-2017-0841
A remote code execution vulnerability in the Android system libutils. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026...
CVE-2017-0811
A remote code execution vulnerability in the Android media framework libhevc. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177...
OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX...