1615 matches found
CVE-2011-0825
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote attackers to affect confidentiality, integrity, and availability, related to Enterprise Infrastructure SEC...
CVE-2011-0836
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC...
CVE-2025-53477
creationtimestamp| type| source ---|---|--- 2026-01-08 15:06:32+00:00| seen| https://seclists.org/oss-sec/2026/q1/41 2026-01-08 16:33:55+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mbwfwryasz2d 2026-01-10 12:29:41+00:00| seen|...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992739)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992739 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to...
curl: libcurl WebSocket handshake accepts any Sec-WebSocket-Accept
Summary: libcurl upgrades to WebSocket without validating Sec-WebSocket-Accept, allowing a spoofed 101 response to complete the handshake and inject frames; AI assistance was used to draft this report. Steps to Reproduce: 1. Clone and build curl from source: git clone --depth=1...
CVE-2025-67899
creationtimestamp| type| source ---|---|--- 2025-12-15 19:35:51+00:00| seen| https://seclists.org/oss-sec/2025/q4/277 2025-12-20 02:01:34+00:00| seen| https://bsky.app/profile/slackers.it/post/3maf4d6dt3p2l 2025-12-21 10:46:14+00:00| seen|...
CVE-2025-66476
creationtimestamp| type| source ---|---|--- 2025-12-02 20:59:19+00:00| seen| https://seclists.org/oss-sec/2025/q4/228 2025-12-03 00:35:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m727kyx2gv2a 2025-12-04 02:30:25+00:00| seen|...
CVE-2025-66313
ChurchCRM versions 6.2.0 and earlier are vulnerable to a time-based blind SQL injection in the 1FieldSec parameter. Injecting SLEEP() triggers deterministic server-side delays, showing the value is embedded in a SQL query without proper parameterization. In the affected versions, this can enable ...
CVE-2025-52578
CVE-2025-52578 describes an incorrect usage of seeds in a pseudo-random number generator (PRNG) affecting Gallagher Command Centre Server. The issue allows a sophisticated attacker with physical access to compromise internal device communications. Affected versions include 9.30 before vCR9.30.251...
CVE-2025-52578
Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...
PT-2025-47241
Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...
CVE-2025-53060
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseO...
CVE-2024-44088
creationtimestamp| type| source ---|---|--- 2025-10-14 14:17:27+00:00| seen| https://seclists.org/oss-sec/2025/q4/36...
CVE-2025-41699
Phoenix Contact CHARX SEC-3xxx charging controllers are affected by CVE-2025-41699. The vulnerability is a code injection (CWE-94) that an attacker with a low-privileged remote account for the Web-based management can exploit to change system configuration and perform a root command injection, co...
CVE-2025-41699 Phoenix Contact: Security Advisory for CHARX SEC-3xxx charging controllers
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code 'Code Injection'...
Phoenix Contact CHARX SEC-3150 代码注入漏洞
The Phoenix Contact CHARX SEC-3150 is an AC charge controller from Phoenix Contact, Germany. The Phoenix Contact CHARX SEC-3150 suffers from a code injection vulnerability that originates from a low-privileged remote attacker who can perform command injection by changing the system configuration...
EUVD-2016-0458
Malware in sbrugna...
EUVD-2016-0457
Malware in sbrugna...
EUVD-2020-18745
Malware in sbrugna...
EUVD-2021-0968
Malware in sbrugna...