CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

CVE-2026-23927

The CVE-2026-23927 entry describes a vulnerability in the Agent 2 Oracle plugin where an authenticated user who can connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can cause Agent 2 to connect to an attacker-controlled server and may leak Oracle dat...

EUVD-2025-9151

Malicious code in bioql PyPI...

EUVD-2025-2834

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-0638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Least privilege violation in the Checkmk agent plugins mkoracle, mkoracle.ps1, and mkoraclecrs before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL...

CVE-2012-2291

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack...

WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Norse Rune Oracle Plugin versions = 1.4.3...

CVE-2025-31884

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Stored XSS.This issue affects Norse Rune Oracle Plugin: from n/a through = 1.4.3...

CVE-2025-31884 WordPress Norse Rune Oracle Plugin plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS. This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.3...

CVE-2025-31884

CVE-2025-31884 affects the Norse Rune Oracle Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin, with affected versions from unknown (n/a) up to 1.4.3. Root cause: improper neutralization of input during web page generation. Impact (as stated): potential ...

PT-2025-14260 · Unknown · Norse Rune Oracle Plugin

Name of the Vulnerable Software and Affected Versions: Norse Rune Oracle Plugin versions 1.4.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can...

CVE-2025-22556

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through = 1.4.2...

CVE-2025-22556

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Norse Rune Oracle Plugin norse-runes-oracle allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through = 1.4.2...

PT-2025-4547 · Greg Whitehead · Norse Rune Oracle Plugin

Name of the Vulnerable Software and Affected Versions: Greg Whitehead Norse Rune Oracle Plugin versions n/a through 1.4.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing...

UBUNTU-CVE-2024-0638

Least privilege violation in the Checkmk agent plugins mkoracle, mkoracle.ps1, and mkoraclecrs before Checkmk 2.3.0b4 beta, 2.2.0p24, 2.1.0p41 and 2.0.0 EOL allows local users to escalate privileges...

PT-2024-15710 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0b4 beta Checkmk versions prior to 2.2.0p24 Checkmk versions prior to 2.1.0p41 Checkmk version 2.0.0 Description: The issue is related to a least privilege violation in the Checkmk agent plugins mk oracle, mk...

Re: EMC Avamar: World writable cache files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-003: EMC Avamar Client Elevation of Privilege Vulnerability EMC Identifier: ESA-2013-003 CVE Identifier: CVE-2012-2291 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected Products: EMC Avamar HP-UX Client 4.x, 5.x and...