shiro: Authentication bypass through a specially crafted HTTP request
A flaw was found in Apache Shiro. This issue may allow a malicious user to send a specially crafted HTTP request that could cause an authentication bypass...
DEBIAN-CVE-2023-2466
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2023-1525
The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed, for example in a multisite setup...
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Analytics Server component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device throu...
CVE-2023-27864
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that when users upload temporary files it is possible to upload .html or .htm files containing a malicious payload. The resulting link can be sent to an administrator user. Details Cross-site scripting or X...
The vulnerability of the Web Services component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, allows attackers to trigger service failures.
The vulnerability of the Web Services component of the Oracle WebLogic Server application server, a software platform of Oracle Fusion Middleware, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using the HTTP...
matrix-react-sdk injection vulnerability
matrix-react-sdk is an open source Matrix component for embedding the Matrix chat/VoIP client into web pages. matrix-react-sdk versions before 3.71.0 contain an injection vulnerability, which stems from HTML tags included in the search results of plain text messages being rendered a...
CVE-2023-28459
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export, a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...
OpenJDK: Swing HTML parsing issue (8296832)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...
Google Chrome buffer error vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome has a security vulnerability in versions prior to 112.0.5615.137. The vulnerability is due to the Service Worker API in the affected versions allowing remote attackers to potentially exploit heap corruption via specially...
Cloud Hypervisor resource management error vulnerability
Cloud Hypervisor is a virtual machine monitor for modern cloud workloads. Cloud Hypervisor suffers from an access control error vulnerability that originates from allowing a user to send a malicious HTTP request via an HTTP API socket, which can be exploited by an attacker to cau...
CVE-2023-21984
Vulnerability in the Oracle Solaris product of Oracle Systems component: Libraries. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can...
Oracle PeopleSoft Enterprise PeopleTools security vulnerability
Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools version 9.2, which can be exploited by an attacker...
Oracle Health Sciences Applications security vulnerability
Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability exists in the Core component of Oracle Health Sciences Applications version 6.3.1.3 and earlier and version 7.0.0.1 and earlier. A...
Oracle Financial Services Applications security vulnerability
Oracle Financial Services Applications is a suite of financial services software from Oracle USA. The product includes core banking, online banking, and estate management. A security vulnerability exists in the SMS Module component of Oracle Financial Services Applications versions 14.5, 14.6, an...
XWiki Commons cross-site scripting vulnerability
XWiki Commons is a technology library shared by several other top-level XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from the fact that the HTML macro does not properly neutralize HTML tags related to scripts...
XWiki Commons cross-site scripting vulnerability
XWiki Commons is a technology library shared by several other top-level XWiki projects of the XWiki Foundation in France. A cross-site scripting vulnerability exists in XWiki Commons version 4.2-milestone-1, which stems from not escaping attributes that can be used to inject scripts, and not...
PT-2023-2464 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows, affected versions not specified. Description: The issue is related to errors in the representation of information by the user interface in Windows operating systems. Exploitation of this issue may allow an attacker to conduct spoofing...
DEBIAN-CVE-2023-24534
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than requir...