A vulnerability in the Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools, an enterprise resource management system, allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools enterprise resource management system is caused by missing authentication checks for a critical function. Exploiting this vulnerability allows a remote attacker to compromise the...
CVE-2024-56508
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads...
CVE-2024-5201
Privilege escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP Request...
PHP Parser security vulnerability
PHP Parser is a PHP parser written in PHP by Nikita Popov, an individual developer. A security vulnerability exists in PHP Parser version v3.2.1, which stems from the lib.combine function containing a prototype pollution vulnerability...
Google Chrome resource management error vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability, which stems from a use-after-free in Skia, that can be exploited by an attacker to cause heap corruption via a crafted HTML page...
Celk Sistemas Celk Saude security vulnerability
Celk Sistemas Celk Saude is a health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which stems from an HTML injection vulnerability that allows an attacker to inject...
A vulnerability in the Extensions component of the Google Chrome and Microsoft Edge browsers allows attackers to escalate their privileges.
The vulnerability in the Extensions component of Google Chrome and Microsoft Edge stems from a failure to preserve web page structure. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted HTML page...
A vulnerability in the Navigation function of Google Chrome and Microsoft Edge allows attackers to escalate their privileges.
The vulnerability in the Navigation function of Google Chrome and Microsoft Edge stems from a failure to preserve web page structure. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted HTML page...
A vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers allows attackers to spoof the user interface.
The vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers stems from a failure to preserve web page structure. Exploiting this vulnerability allows an attacker to spoof the user interface with a specially crafted HTML page...
A vulnerability in the Payments component of Google Chrome and Microsoft Edge allows an attacker to bypass existing security restrictions and spoof the user interface.
The vulnerability in the Payments component of Google Chrome and Microsoft Edge is related to authentication bypass. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions and spoof the user interface with a specially crafted HTML pa...
IBM Cloud Pak System security vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines (IBM). The product supports deploying, managing and moving application environments across hybrid clouds. An information disclosure vulnerability exists in...
CVE-2025-21563
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-21560
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
Payara Server and Payara Micro injection vulnerability
Payara Server and Payara Micro are both products of Payara, Inc. of the U.K. Payara Server is a cloud-native, innovative, open-source middleware platform. Payara Micro is an open-source, lightweight middleware platform for containerized Jakarta EE (Java EE) application deployment. An injection...
A vulnerability in the firmware of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000, related to bypassing authentication by using a user-controlled key, allows attackers to escalate their privileges.
The vulnerability in the firmware of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to escalate their privileges by...
HCL DRYiCE MyXalytics security vulnerability
HCL DRYiCE MyXalytics is a unified reporting and dashboard product from HCL Corporation, USA. A security vulnerability exists in HCL DRYiCE MyXalytics that stems from susceptibility to an out-of-band resource loading (HTTP) vulnerability...
REDCap security vulnerability
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from allowing HTML injection via survey field names, which could allow malicious actions to be performed withou...
waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes long (the default is 8192), followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...
PT-2025-7269 · Weeek · Weeek
Name of the Vulnerable Software and Affected Versions: WEEEK (affected versions not specified). Description: The issue is related to the lack of protection of the web page structure, allowing an attacker to execute arbitrary code by injecting specially crafted HTML code. Recommendations: At the...
CVE-2024-55074
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370...