Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. Rated medium severity (CVSS 5.3). No vendor patch available.
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.3). No vendor patch available.
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.