44 matches found
CVE-2025-50086
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...
CVE-2025-6848
The CVE-2025-6848 entry concerns code-projects Simple Forum 1.0. Multiple connected sources specify a vulnerability in the processing of the File argument in /forum1.php that allows unrestricted file uploads. The root cause is an inadequate validation/handling of uploaded files, enabling a remote...
CVE-2024-20361
A vulnerability in the Object Groups for Access Control Lists ACLs feature of Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense FTD Software. This...
CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with...
CVE-2002-2369
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL...
CVE-2025-27690
Dell PowerScale OneFS contains a default-password vulnerability affecting versions 9.5.0.0–9.10.1.0. An unauthenticated remote attacker could potentially take over a high-privilege account due to use of default credentials. The issue is documented with a CVSSv3.1 base score of 9.8 (CRITICAL) and ...
CVE-2024-48013
CVE-2024-48013 affects Dell SmartFabric OS10 Software (versions 10.5.4.x–10.6.0.x). The issue is an Execution with Unnecessary Privileges vulnerability that allows a low-privileged, remote attacker to achieve Elevation of Privileges. According to the available documents, the exploitation status i...
Linux Distros Unpatched Vulnerability : CVE-2016-8884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service NULL pointer dereference by calling the...
The vulnerability of the Security component of the Oracle Retail Xstore Office software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Security component of the Oracle Retail Xstore Office software relates to the disclosure of information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of TP-Link Tether and TP-Link Tapo network device management and configuration software is related to errors in the certificate validation process, allowing attackers to perform a “Man-in-the-Middle” attack.
The vulnerability of TP-Link Tether and TP-Link Tapo network device management and configuration software is related to errors in the certificate validation process. Exploiting this vulnerability can allow a remote attacker to perform a Man-in-the-Middle MITM attack...
PT-2023-6169
Name of the Vulnerable Software and Affected Versions Sangfor Next-Gen Application Firewall version NGAF8.0.17 Description The issue is related to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP PO...
The vulnerability of the configuration of the microprogramming software for the PowerStore T OS allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the configuration of the microprogramming software for PowerStore T OS is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of the protected...
mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
ROS-2-630
2.630 Multiple Vulnerabilities in Moodle 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting XSS attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...
CVE-2020-5608
CAMS for HIS CENTUM CS 3000 includes CENTUM CS 3000 Small R3.08.10 to R3.09.50, CENTUM VP includes CENTUM VP Small, Basic R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to cause the application to become unresponsive or to crash. This occurs through the use of...
Unspecified Vulnerability in Oracle Outside In Technology Component (CNVD-2019-28224)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, etc. Outside In Technology is one of the software development kit components. A securi...
SUSE-SU-2018:0822-1 Security update for librelp
This update for librelp fixes the following issues: CVE-2018-1000140 bsc1086730: librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509...
Wordpress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the Wordpress plugin image-gallery-with-slideshow. A remote attacker can exploit the...
CVE-2014-8384
The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...