
48857 matches found

RedhatCVE
added 2026/01/09 8:52 a.m. | 2 views

CVE-2021-2106

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS 8.2 | AI score 6.5 | EPSS 0.01169 | Exploits 0 | References 1
Positive Technologies
added 2026/01/09 12:0 a.m. | 3 views

PT-2026-2168

Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 contain a SQL injection issue in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient...

CVSS 7.7 | AI score 7 | EPSS 0.00294 | Exploits 0 | References 5
RedhatCVE
added 2026/01/08 3:41 a.m. | 4 views

CVE-2026-20893

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/o...

CVSS 8.5 | AI score 7.8 | EPSS 0.00123 | Exploits 0 | References 1
CNNVD
added 2026/01/08 12:0 a.m. | 2 views

OPEXUS eCASE Audit Security Vulnerability

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker who can modify client-side JavaScript or construct HTTP requests that could result in access to disabled functionality...

CVSS 7.6 | AI score 6.5 | EPSS 0.00285 | Exploits 0 | References 3
Vulnrichment
added 2026/01/07 4:37 p.m. | 2 views

CVE-2026-22535 FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS

An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured unencrypted MQTT communications protocol, write on the server topics of the board that controls the MQTT communications...

CVSS 8.9 | AI score 6.6 | EPSS 0.00133 | Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:43 a.m. | 6 views

CVE-1999-0304

mmap function in BSD allows local attackers in the kmem group to modify memory through devices...

CVSS 7.2 | AI score 6.7 | EPSS 0.00364 | Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:41 a.m. | 5 views

CVE-1999-0795

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches...

CVSS 7.5 | AI score 7.6 | EPSS 0.02118 | Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:41 a.m. | 8 views

CVE-1999-0792

ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration...

CVSS 5 | AI score 7 | EPSS 0.01272 | Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:38 a.m. | 6 views

CVE-1999-0323

FreeBSD mmap function allows users to modify append-only or immutable files...

CVSS 10 | AI score 6.9 | EPSS 0.01361 | Exploits 0 | References 1
CVE
added 2026/01/07 9:20 a.m. | 16 views

CVE-2025-14465

CVE-2025-14465 : The Sticky Action Buttons plugin for WordPress (all versions up to 1.1) is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in sabs_options_page_form_submit(). This allows unauthenticated attackers to update plugin settings by inducing a site ...

CVSS 4.3 | AI score 4.9 | EPSS 0.00112 | Exploits 0 | References 2
RedhatCVE
added 2026/01/07 9:16 a.m. | 4 views

CVE-2025-13964

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catchlpajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents b...

CVSS 5.3 | AI score 5.3 | EPSS 0.00232 | Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:9 a.m. | 8 views

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVSS 7.5 | AI score 6.8 | EPSS 0.00494 | Exploits 0 | References 1
Cvelist
added 2026/01/07 3:16 a.m. | 22 views

CVE-2026-20893

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/o...

CVSS 8.5 | EPSS 0.00123 | Exploits 0 | References 2
CNNVD
added 2026/01/07 12:0 a.m. | 1 views

WordPress plugin aBlocks Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

CVSS 5.4 | AI score 6.1 | EPSS 0.00227 | Exploits 0 | References 4
Positive Technologies
added 2026/01/07 12:0 a.m. | 3 views

PT-2026-1565

Name of the Vulnerable Software and Affected Versions Quote Comments plugin for WordPress versions through 3.0.0 Description The Quote Comments plugin for WordPress is susceptible to a missing authorization issue. This flaw stems from the absence of proper authorization checks within the...

CVSS 5.3 | AI score 6.4 | EPSS 0.00158 | Exploits 0 | References 4
Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000193 advisory. In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modifyldt and ...

CVSS 7 | AI score 7.3 | EPSS 0.00469 | Exploits 1 | References 4
Vulnrichment
added 2026/01/06 8:44 p.m. | 4 views

CVE-2025-13744 Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed rendering of malicious HTML

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component search across GitHub that could be used to exfiltrate sensitive information. An attacker would requi...

CVSS 8.4 | AI score 6 | EPSS 0.00182 | Exploits 0 | References 6
CVE
added 2026/01/06 3:52 p.m. | 8 views

CVE-2020-36920

CVE-2020-36920 affects iDS6 DSSPro Digital Signage System, version 6.2. The vulnerability is due to improper access control that enables authenticated users to escalate privileges via console JavaScript functions. Attackers can create users and modify roles/permissions, potentially taking full co...

CVSS 8.8 | AI score 6.4 | EPSS 0.00315 | Exploits 1 | References 7
Cvelist
added 2026/01/06 3:52 p.m. | 24 views

CVE-2020-36920 iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by...

CVSS 8.8 | EPSS 0.00315 | Exploits 1 | References 7
Vulnrichment
added 2026/01/06 3:52 p.m. | 2 views

CVE-2020-36916 TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system...

CVSS 8.8 | AI score 6.5 | EPSS 0.00225 | Exploits 1 | References 7