Mysql Cluster contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).
BROWAN COMMUNICATIONS PrismX MX100 AP controller stores SMTP credentials in plaintext accessible via the web interface, enabling authenticated administrators to retrieve sensitive password data. The vulnerability requires high-level privileges to exploit but poses a significant risk to email service credentials used by the device. No patch is currently available to remediate this exposure.
Unauthorized data disclosure in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows high-privileged attackers with network access to extract sensitive information from the Oracle E-Business Suite environment. The vulnerability requires administrator-level credentials and HTTP connectivity but can result in complete exposure of workflow-accessible data. A patch is available to remediate this confidentiality issue.
Aspera Console versions up to 3.4.7 is affected by insertion of sensitive information into log file (CVSS 4.9).
Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).
Business Automation Workflow versions up to 24.0.0 is affected by execution with unnecessary privileges (CVSS 4.7).
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 4.6 MEDIUM]
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]
Stored XSS in WP Hello Bar plugin up to version 1.02 allows authenticated administrators to inject malicious scripts through the 'digit_one' and 'digit_two' parameters due to inadequate input validation. When users visit affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. No patch is currently available.
Stored XSS in the Viet contact WordPress plugin versions up to 1.3.2 allows authenticated administrators to inject malicious scripts into admin settings due to inadequate input sanitization and output escaping. The injected scripts execute when other users access affected pages, impacting multi-site WordPress installations and sites with unfiltered_html disabled. Exploitation requires administrator-level access and no patch is currently available.
NotificationX plugin for WordPress versions up to 3.1.11 lacks proper authorization checks on REST API endpoints, allowing authenticated users with Contributor-level permissions to reset analytics data for any campaign regardless of ownership. This capability bypass enables low-privileged attackers to tamper with campaign analytics across the WordPress installation. The vulnerability affects WordPress deployments using the affected plugin versions, with no patch currently available.
The Newsletter WordPress plugin through version 9.1.0 contains a cross-site request forgery vulnerability in the hook_newsletter_action() function due to insufficient nonce validation, allowing unauthenticated attackers to unsubscribe legitimate users if they can trick a logged-in administrator into clicking a malicious link. This attack requires user interaction but poses a direct integrity risk to newsletter subscriber lists. No patch is currently available.
Unauthorized data access in Oracle Planning and Budgeting Cloud Service (version 25.04.07) can be achieved by high-privileged attackers with local infrastructure access through the EPM Agent component. The vulnerability requires user interaction from a non-attacker and allows complete compromise of accessible Planning and Budgeting data. No patch is currently available.
Planning And Budgeting Cloud Service contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 4.2).
IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [CVSS 3.5 LOW]
Applinx versions up to 11.1.0 contains a vulnerability that allows attackers to an authenticated user to perform unauthorized administrative actions on the serv (CVSS 3.1).
Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance (component: Security). Supported versions that are affected are 23.1.0-23.1.202509. [CVSS 3.1 LOW]
Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. [CVSS 3.1 LOW]
Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a partial denial of service (partial DOS) of MySQL (CVSS 2.7).
HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user console could be disabled due to a fatal PHP error. [CVSS 2.7 LOW]
Sun Zfs Storage Appliance Kit versions up to 8.8.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle ZFS Storage Appli (CVSS 2.3).
XXE injection in Bjskzy Zhiyou ERP through the RichClientService component allows authenticated attackers to read sensitive files and manipulate XML data from the network. Public exploit code exists for this vulnerability affecting versions up to 11.0, and the vendor has not provided a patch despite early disclosure notification.
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
User-controlled header names and values containing newlines can allow injecting HTTP headers.
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.
Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/<PATH>.php/<XSS>'.
HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.
Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'.
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios.
Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized.
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized.
affected product. The security issue occurs when a malformed CIP forward open message is sent. This contains a vulnerability that allows attackers to a major nonrecoverable fault a restart is required to recover.
A security issue was discovered within the legacy Ansible playbook component of Verve Asset Manager, caused by plaintext secrets incorrectly stored when a playbook is running. This component has been retired and has been optional since the 1.36 release in 2024.
The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 .
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.