Vulnerabilities in Oracle E-Business Suite components
Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...
ChurchCRM 6.4.0 Cross Site Scripting
ChurchCRM versions 6.4.0 and below suffer from a persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...
EUVD-2021-11106
Malware in sbrugna...
EUVD-2019-13490
Malware in sbrugna...
EUVD-2020-18547
Malware in sbrugna...
EUVD-2019-7958
Malware in sbrugna...
EUVD-2024-18947
Malicious code in bioql PyPI...
EUVD-2023-44663
Malicious code in bioql PyPI...
CVE-2023-2921
The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers...
CVE-2021-24189
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then...
CVE-2019-15955
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity...
kernel: Kernel: Denial of Service in amdgpu driver due to improper interrupt handling
A flaw was found in the Linux kernel's amdgpu graphics driver. A local user with low privileges could exploit this vulnerability due to the improper use of the amdgpu_irq_put function within the gmc_v10_0_hw_fini component. This flaw leads to a call trace, which can result in a system crash and a Denia...
CVE-2022-3768 WPSmartContracts < 1.3.12 - Author+ SQLi
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author...
CVE-2019-14969
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService which writes to that directory does not perform proper impersonation, and thus the target file will have the same...