4511 matches found
The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems allow attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
Google Chrome heap buffer overflow vulnerability (CNVD-2025-20475)
Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from a heap buffer overflow vulnerability that can be exploited...
webkitgtk: processing malicious web content may lead to arbitrary code execution
A flaw was found in WebKitGTK. This issue exists due to a boundary error when processing malicious HTML content in WebKit, which could result in memory corruption and arbitrary code execution on the target system...
The vulnerability of the Dawn component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Dawn component in the Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created HTTP request...
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
A vulnerability was discovered in the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the number of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the number of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
The vulnerability of the FortiVoice enterprise telephony software relates to bypassing authentication procedures by using a user-controlled key, allowing an intruder to access SIP configuration files.
The vulnerability of the FortiVoice corporate telephony software relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to disclose SIP configuration files by sending specially crafted HTTP or HTTPS requests...
The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Analytics Web Answers component of the Oracle Business Intelligence Enterprise Edition software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer during the processing of HTML content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the implementation of the HTTP/2 protocol in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a perpetrator to induce a service failure.
The vulnerability in the HTTP/2 implementation of Mozilla Firefox, Firefox ESR, and the Thunderbird email client is related to uncontrolled resource consumption due to improper restrictions on the size of fields during the processing of CONTINUATION frames. Exploiting this vulnerability can...
SUSE CVE-2024-4761
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...
WordPress plugin Elementor Header & Footer Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PrivateGPT Security Vulnerabilities
PrivateGPT is an AI project. A security vulnerability exists in PrivateGPT that stems from improper file upload validation, which can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser session by uploading a malicious HTML file...
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
The vulnerability of the Search Framework component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a hacker to gain access to read, modify, add, or delete data.
The vulnerability of the Search Framework component in the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete dat...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain read, modify, add, or delete access to data.
The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
DEBIAN-CVE-2024-4761
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...