Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.11 views

Oracle E-Business Suite (June 2026 CSPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Easily exploitable...

9.9CVSS6AI score0.00473EPSS
Exploits0References57
NVD
NVD
added 2026/06/17 10:54 a.m.8 views

CVE-2026-46927

Vulnerability in the Oracle Receivables product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle Receivables...

8.1CVSS0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 8:29 p.m.9 views

CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS5.8AI score0.0026EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.5 views

SUSE CVE-2019-2511

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM...

7.5CVSS7.7AI score0.04255EPSS
Exploits0References6
OSV
OSV
added 2020/04/27 3:15 p.m.6 views

CVE-2020-12120

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers...

7.5CVSS7.1AI score0.0177EPSS
Exploits1References2
CNVD
CNVD
added 2015/06/23 12:0 a.m.3 views

PHP SOAP Access Remote Memory Corruption Vulnerability

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...

10CVSS6.6AI score0.10724EPSS
Exploits5References1
CNVD
CNVD
added 2015/06/23 12:0 a.m.4 views

Multiple Memory Corruption Vulnerabilities in PHP SOAP Access

PHP is a general-purpose scripting language. A security vulnerability in the unserialize function used in PHP's multiple SOAP accesses allows remote attackers to exploit the vulnerability by submitting a special request to obtain PHP application memory information or crash...

10CVSS6.6AI score0.08171EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/02/13 6:54 p.m.8 views

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

5.8CVSS7.4AI score0.08157EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.3 views

rhev: backend allows unprivileged queries

The backend in Red Hat Enterprise Virtualization Manager RHEV-M before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a 1 SOAP or 2 GWT request...

2.7CVSS6AI score0.00784EPSS
Exploits0References4
Rows per page
Query Builder