26 matches found
Oracle Financial Services Analytical Applications Infrastructure 安全漏洞
Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. There is a security vulnerability in Oracle Financial Services Analytical Applications Infrastructure, which stems from issues with the Platform...
CVE-2026-30885
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
EUVD-2026-3776
ManageIQ is an open-source management platform. A flaw was found in the ManageIQ API prior to version radjabov-2 where a malformed TimeProfile could be created causing later UI and API requests to timeout leading to a Denial of Service. Version radjabov-2 contains a patch. One may also apply the...
CVE-2025-15115
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin...
EUVD-2022-52748
Malicious code in bioql PyPI...
CVE-2025-11025
Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0...
CVE-2025-10821
A flaw has been found in fuyanglipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be us...
Finding SSH Strict Key Exchange Violations by State Learning
SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, B�umer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension...
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by providing only a...
Mozilla Firefox ESR < 115.26
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.26. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-57 advisory. - Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox E...
The vulnerability of CommVault’s backup and disaster recovery platform, related to incorrect restrictions on the path to the restricted-access catalog, allows a perpetrator to execute arbitrary code.
The vulnerability of CommVault’s backup and disaster recovery platform lies in the improper limitation of the path name to the restricted-access catalog. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
The vulnerability of the Yokogawa Dual-redundant Platform for Computer (PC2CKM) lies in the improper checking of the return value of a method or function, allowing an attacker to trigger a service failure.
The vulnerability of the Yokogawa Dual-redundant Platform for Computer PC2CKM is related to improper checking of the return value of a method or function. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending broadcast UDP packets...
SUSE CVE-2011-2139
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via...
The vulnerability of the implementation of TLS and SSL software from Mbed TLS allows a attacker to rewrite data in the memory buffer and restore the encrypted RSA key.
The vulnerability of the implementation of TLS and SSL software from Mbed TLS relates to the possibility of writing data beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to rewrite data into the memory buffer and restore the encrypted RSA key...
The vulnerability of the Extensions API for Microsoft Edge and Google Chrome browsers allows a perpetrator to disclose protected information.
The vulnerability of the Extensions API for Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information through a specially created web page...
The vulnerability of RSA Security Analytics and Netwitness Platform’s security tools lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of the RSA Security Analytics and Netwitness Platform security tools exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the JBoss Enterprise Application Platform exists due to the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks and disclose the protected information.
The vulnerability of the JBoss Enterprise Application Platform exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and disclose sensitive information by using an SAMLRequest...
JetBrains YouTrack server code execution vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A code execution vulnerability exists in the JetBrains YouTrack server. The vulnerability...
DEBIAN-CVE-2018-14453
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData1 access in the function store16 in helper.h...
CVE-2017-1460
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379...