147 matches found
Oracle Universal Work Queue 安全漏洞
Oracle Universal Work Queue is a flexible work presentation and access tool developed by Oracle, a company in the United States. This software provides centralized viewing of work, access requests, and organization of work, thereby improving efficiency and productivity. Versions 12.2.3 to 12.2.15...
CVE-2026-8381
A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...
EUVD-2026-12789
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...
CVE-2025-15587
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 for tcPDU, 1.67 for LK3...
CVE-2026-26368 JUNG eNet SMART HOME server 2.2.1/2.3.1 Account Takeover via resetUserPassword
eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC method that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without...
GHSA-WM8H-26FV-MG7G phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing)
Summary Authenticated non‑admin users can call /api/setup/backup and trigger a configuration backup. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. Details SetupController.php uses userIsAuthenticated but does not verify that the requester has...
CVE-2022-31673
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to a remote code execution...
CVE-2019-2857
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: UIF Open UI. Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful...
CVE-2024-39753
An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability...
CVE-2025-64997
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure...
CVE-2025-64553 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64550 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...
PT-2025-50395
Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited by a low privileged attacker to execute malicious scripts in the context of the victim's browser. Exploitation of this issue requires user interaction,...
CVE-2025-6571
A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it...
CVE-2025-20289
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management, etc. Applications Framework OA Framework, OAF is one of the business development platform...
EUVD-2020-30783
Malware in sbrugna...
EUVD-2017-12600
Malware in sbrugna...
EUVD-2017-12613
Malware in sbrugna...
EUVD-2017-1835
Malware in sbrugna...