Oracle WebLogic Server Unauthorized Access (April 2026 CPU)

The 12.2.1.4.0 version of WebLogic Server installed on the remote host is affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Validator. The supported...

CVE-2026-24814

Integer Overflow or Wraparound vulnerability in swoole swoole-src thirdparty/hiredis modules. This vulnerability is associated with program files sds.C. This issue affects swoole-src: before 6.0.2...

CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVE-2021-4461

CVE-2021-4461 affects Seeyon Zhiyuan OA Web Application System

Oracle WebLogic Server (October 2025 CPU)

The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized...

Oracle WebLogic Server (April 2025 CPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by a vulnerability as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Apache...

Oracle WebLogic Server (October 2024 CPU)

The 12.2.1.4.0 and 14.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions tha...

CVE-2024-22400

Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no...

Open redirect in user_saml via RelayState parameter

None...

Milesight UR32L ys_thirdparty user_delete OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1694 Milesight UR32L ysthirdparty userdelete OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-23550 SUMMARY An OS command injection vulnerability exists in the ysthirdparty userdelete functionality of Milesight UR32L v32.3.0.5. A specially...

CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

App pin of the Android app can be bypassed via thirdparty apps generating deep links

None...

Oracle HTTP Server (Jan 2023 CPU)

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jan 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Centralized Thirdparty Jars Expat. The supported version tha...

CVE-2020-7179

A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

CVE-2020-7179

The CVE-2020-7179 entry concerns Hewlett Packard Enterprise's Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). The vulnerability is a thirdPartyPerfSelectTask expression language injection in iMC that enables remote code execution. The root cause is improper handling of the expre...

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

Out-of-bounds

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

CVE-2018-12911

WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the getsimpleglobs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c...

eautoclub.com XSS vulnerability

Vulnerable URL: https://www.eautoclub.com/Support/swift/thirdparty/FusionCharts/Charts/ScrollLine2D.swf?%domid=%22%29%29catch%28e%29;alert%28%27OPENBUGBOUNTY%27%29//=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability...