
6334 matches found

RedhatCVE
added 2026/06/02 10:2 p.m., 8 views

CVE-2026-46820

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVSS 8.5 | AI score 5.8 | EPSS 0.00227
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/02 9:32 p.m., 6 views

CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVSS 8.3 | AI score 6.2 | EPSS 0.00107
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/02 9:32 p.m., 8 views

CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVSS 8.3 | AI score 6.2 | EPSS 0.00107
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/02 9:31 p.m., 6 views

CVE-2021-4480

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVSS 8.3 | AI score 6.2 | EPSS 0.00107
Exploits: 0 | References: 3

Cvelist
added 2026/06/02 1:23 p.m., 32 views

CVE-2026-9844 Vulnerability in navify® Digital Pathology

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

CVSS 8.8 | EPSS 0.00239
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/02 12:0 a.m., 9 views

PT-2026-45764

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/02 12:0 a.m., 10 views

PT-2026-45860

Name of the Vulnerable Software and Affected Versions: Dräger Protector Software versions prior to 6.4.2. Description: Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

CVSS 8.3 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 7

Positive Technologies
added 2026/06/02 12:0 a.m., 10 views

PT-2026-45861

Name of the Vulnerable Software and Affected Versions: Dräger Protector Software versions prior to 6.4.2. Description: Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

CVSS 8.3 | AI score 6.2 | EPSS 0.00107
Exploits: 0 | References: 7

vulnersOsv
added 2026/06/01 10:29 a.m., 5 views

com.cognifide.aet:cleaner (>=2.0.0 <=3.2.2), com.cognifide.aet:communication (>=2.0.0 <=3.2.2) +125 more potentially affected by CVE-2026-42253 via org.apache.activemq:activemq-web (>=5.0.0 <=5.19.6)

org.apache.activemq:activemq-web MAVEN version =5.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =1.1.0, =2015.12.01, =2015.12.01, =2015.12.01, =2018.9.8 - com.hi3project.vineyard:vineyard-yottacontainer =0.9.0 - com.webtide.hightide:auctiondemo =6.1H.8 -...

CVSS 6.1 | AI score 5.4 | EPSS 0.01107
Exploits: 0

vulnersOsv
added 2026/06/01 10:29 a.m., 4 views

org.apache.fluss:fluss-dist (=0.8.0-incubating), org.apache.fluss:fluss-docgen (=0.9.0-incubating) +21 more potentially affected by CVE-2026-49361 via org.apache.fluss:fluss-common (>=0.8.0-incubating <=0.9.0-incubating)

org.apache.fluss:fluss-common MAVEN version =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating,...

CVSS 7.5 | AI score 5.5 | EPSS 0.0058
Exploits: 0

Cvelist
added 2026/06/01 3:32 a.m., 41 views

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVSS 3.5 | EPSS 0.00143
Exploits: 0 | References: 1

GithubExploit
added 2026/06/01 12:31 a.m., 93 views

Exploit-Databases

💥 Exploits Database & PoC Resources Koleksi exploit databas...

AI score 5.9
Exploits: 0

OSSF Malicious Packages
added 2026/05/31 10:18 a.m., 13 views

Malicious code in js-shared-modules (npm)

Source: amazon-inspector (b5d28882e3ff8afe78db631ca5e1129d2b08f976f17f66ffe2b14834184ce09a). package.json declares "postinstall": "node poc.js", which fires automatically on every npm install. poc.js reads os.hostname, hex-encodes it, and...

AI score 5.3
Exploits: 0 | References: 1

OSV
added 2026/05/31 10:18 a.m., 7 views

MAL-2026-5098 Malicious code in js-shared-modules (npm)

Source: amazon-inspector (b5d28882e3ff8afe78db631ca5e1129d2b08f976f17f66ffe2b14834184ce09a). package.json declares "postinstall": "node poc.js", which fires automatically on every npm install. poc.js reads os.hostname, hex-encodes it, and...

AI score 5.4
Exploits: 0 | References: 1

Cvelist
added 2026/05/30 2:55 p.m., 36 views

CVE-2018-25421 Open STA Manager 2.3 Arbitrary File Download via Path Traversal

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

CVSS 7.1 | EPSS 0.00334
Exploits: 0 | References: 4

CVE
added 2026/05/30 2:55 p.m., 17 views

CVE-2018-25421

Open STA Manager 2.3 is affected by a path traversal vulnerability that lets authenticated users download arbitrary files by calling modules/backup/actions.php?op=getfile and traversing with ../ sequences to access sensitive system files. Affected component is the Open STA Manager implementation;...

CVSS 7.1 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/30 12:0 a.m., 10 views

PT-2026-45121

Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules/backup/actions.php with op=getfile and traverse directories using ../ sequences to access sensiti...

CVSS 7.1 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 5

OSV
added 2026/05/29 6:8 p.m., 9 views

GHSA-R9PM-GXMW-WV6P NodeVM network builtin exclusions bypass via internal _http_client and _http_server

Summary: NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration, direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as _http_client and...

CVSS 8.6 | AI score 5.8 | EPSS 0.00282
Exploits: 0 | References: 5

CVE
added 2026/05/29 2:46 p.m., 12 views

CVE-2018-25386

HaPe PKH 1.1 is affected by SQL injection in admin/media.php via the 'id' parameter. The vulnerability allows an unauthenticated attacker to target desa (module=desa&act=hapus), while authenticated users can hit pengurus, fasilitas, and kelompok modules (e.g., act=print, act=editpengurus, act=edi...

CVSS 8.8 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/29 12:0 a.m., 11 views

PT-2026-44969

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

CVSS 8.4 | AI score 5.7 | EPSS 0.00373
Exploits: 0 | References: 4