1447 matches found
CVE-2024-20947
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
kernel: net/sched: sch_hfsc UAF
A use-after-free flaw was found in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSCFSC flag set, has a parent without a link-sharing curve, then...
kernel: net/sched: sch_hfsc UAF
A use-after-free flaw was found in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSCFSC flag set, has a parent without a link-sharing curve, then...
kernel: net/sched: sch_hfsc UAF
A use-after-free flaw was found in the Linux kernel's net/sched: schhfsc HFSC qdisc traffic control component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSCFSC flag set, has a parent without a link-sharing curve, then...
CVE-2023-7019
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function in all versions up to, and including, 2.6.8. This makes it possible for authenticated...
PT-2024-15181 · WordPress · The Lightstart – Maintenance Mode
Name of the Vulnerable Software and Affected Versions: The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to a missing capability check on the insert template function, allowing...
PT-2024-15072 · WordPress · Envira Photo Gallery
Name of the Vulnerable Software and Affected Versions: Envira Photo Gallery plugin for WordPress versions up to, and including, 1.8.7.1 Description: The issue allows authenticated attackers with contributor access and above to modify galleries on other users' posts due to an improper capability...
CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...
PT-2024-1066 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...
PT-2023-31293 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTitle parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are se...
PT-2023-31294 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...
CVE-2023-49681
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-49677
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database...
CVE-2023-50824
CVE-2023-50824 affects the WordPress plugin Insert or Embed Articulate Content into WordPress (versions from n/a to 4.3000000021). The issue is Stored Cross-Site Scripting due to improper input neutralization during Web Page Generation. Root cause: improper neutralization of input; impact: stored...
PT-2023-31287 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns Unauthenticated SQL Injection vulnerabilities. Specifically, the txtTitle parameter of the "Employer/InsertJob.php" resource does not validate the characters received, and they are sent...
PT-2023-31292 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the txtDesc parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, sending them...
PT-2023-31291 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtDate parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...
postgresql: MERGE fails to enforce UPDATE or SELECT row security policies
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows...
UBUNTU-CVE-2023-50471
cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSONInsertItemInArray at cJSON.c...
Improper Restriction Of Rendered UI Layers Or Frames
chromium is vulnerable to Improper Restriction of Rendered UI Layers or Frames. The vulnerability is due to the Inappropriate implementation in Web Browser UI in Google Chrome. This allows an attacker to overlay or insert additional UI content...