PT-2026-47684

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the six storage get user info and six storage update profile AJAX actions. This is due to the six storage getUserInfo...

CVE-2026-35232

Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...

Entrust nShield Connect XC 安全漏洞

Entrust nShield Connect XC is a network-connected hardware security module from Entrust USA. A security vulnerability exists in Entrust nShield Connect XC that originates from a physical neighbor attacker with elevated privileges can read and write the contents of an unencrypted Appliance SSD...

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

CVE-2023-22125

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications component: Infrastructure. Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

Improper access control

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit th...

CVE-2022-33163

IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571...

CVE-2022-21629

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.6.4 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...

CVE-2022-21242

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows low privileged attacker with...

CVE-2021-2117

Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromi...

CVE-2019-2519

Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products subcomponent: Manage Requisition Status. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2018-2654

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products subcomponent: Company Dir / Org Chart Viewer. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2010-0533

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...