
1164 matches found

RedHat Linux
added 2025/02/19 10:31 a.m. | 0 views

mysql: mysqldump unspecified vulnerability (CPU Oct 2024)

Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 3.8 | AI score 5.7 | EPSS 0.00624
Exploits: 0 | References: 5
OSV
added 2025/02/17 5:15 a.m. | 2 views

CVE-2025-1389

Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 8.8 | AI score 6 | EPSS 0.00455
Exploits: 0 | References: 2
BDU FSTEC
added 2025/02/11 12:0 a.m. | 1 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to read data or modify data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain read access to data or modify data using network packets...

CVSS 4.2 | AI score 7.7 | EPSS 0.00228
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/02/10 12:0 a.m. | 2 views

Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, allowing attackers to gain read access to data, modify data, or obtain privileged access.

The vulnerability of the Server component, specifically Security: Privileges of the Oracle MySQL Server database management system, relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data, modify...

CVSS 5.5 | AI score 6.8 | EPSS 0.00533
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/02/10 12:0 a.m. | 2 views

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows an attacker to gain read access to data or modify data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read access to data or modify data through HTTP...

CVSS 5.5 | AI score 7.7 | EPSS 0.00243
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/02/10 12:0 a.m. | 4 views

The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) allows a perpetrator to gain access to read, modify, or delete data, or to cause service failures.

The vulnerability of the check_access() function in the system for launching and managing large language multimodal systems (LoLLMS) is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data, or to cau...

CVSS 8 | AI score 7.5 | EPSS 0.00204
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/05 1:0 a.m. | 6 views

CVE-2024-28987

The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data...

CVSS 9.1 | AI score 9.6 | EPSS 0.93159
Exploits: 5 | References: 1
RedhatCVE
added 2025/02/04 11:43 p.m. | 2 views

CVE-2024-22059

A SQL injection vulnerability in the web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS...

CVSS 8.8 | AI score 8.8 | EPSS 0.0107
Exploits: 0 | References: 1
BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 views

The vulnerability of the AppleMobileFileIntegrity component in the macOS operating system allows a perpetrator to gain access to read and modify data.

The vulnerability of the AppleMobileFileIntegrity component in macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to read and modify data...

CVSS 5.5 | AI score 5.4 | EPSS 0.00234
Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/01/27 12:0 a.m. | 2 views

The vulnerability of the IBM Sterling Secure Proxy proxy server arises from the improper assignment of permissions for the critical resource. This allows a malicious actor to gain unauthorized access to read, modify, or delete data.

The vulnerability of the IBM Sterling Secure Proxy proxy server is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data...

CVSS 9.4 | AI score 5.5 | EPSS 0.00449
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/01/22 12:0 a.m. | 2 views

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or...

CVSS 7.8 | AI score 7.5 | EPSS 0.00445
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/01/21 9:15 p.m. | 2 views

CVE-2025-21542

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications component: Security. Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ...

CVSS 6.3 | AI score 7.3 | EPSS 0.00177
Exploits: 0 | References: 1
OSV
added 2025/01/21 9:15 p.m. | 3 views

CVE-2025-21507

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

CVSS 5.4 | AI score 7.3 | EPSS 0.00179
Exploits: 0 | References: 1
OSV
added 2025/01/20 3:15 a.m. | 2 views

CVE-2025-0585

The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVSS 9.8 | AI score 6.1 | EPSS 0.00683
Exploits: 0 | References: 2
BDU FSTEC
added 2025/01/19 12:0 a.m. | 4 views

The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in authentication procedures, which allow attackers to circumvent security restrictions and gain access to read, modify, or delete data.

The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain access to read, modify, or delete data...

CVSS 8.5 | AI score 5.5 | EPSS 0.00541
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2025/01/13 12:0 a.m. | 4 views

SAP NetWeaver AS code issue vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A code issue vulnerability exists in SAP NetWeaver AS, which stems from susceptibility to a stored cross-site scripting attack that allows an...

CVSS 4.8 | AI score 5.9 | EPSS 0.0023
Exploits: 0 | References: 3
BDU FSTEC
added 2025/01/06 12:0 a.m. | 1 views

The vulnerability of the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores, exists in the Oracle E-Business Suite, a software solution for automating business operations. It allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, as well as the Oracle E-Business Suite system for automating business operations, is related to deficiencies in the authentication process. Exploiti...

CVSS 8.5 | AI score 7.5 | EPSS 0.00388
Exploits: 0 | References: 3 | Affected Software: 2
BDU FSTEC
added 2024/12/19 12:0 a.m. | 1 views

The vulnerability of the Apache Superset data visualization software stems from flaws in its authentication procedures, which allow unauthorized users to gain access to read, modify, or delete data.

The vulnerability of Apache Superset’s data visualization software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending specially crafted request...

CVSS 6.8 | AI score 5.5 | EPSS 0.02562
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/12/17 3:16 p.m. | 16 views

CVE-2024-10476

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this...

CVSS 8 | EPSS 0.00233
Exploits: 0 | References: 1
CNNVD
added 2024/11/19 12:0 a.m. | 1 views

IBM Concert security vulnerability

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. A...

CVSS 9.8 | AI score 7.6 | EPSS 0.00437
Exploits: 0 | References: 1