Skip to main content

Peoplesoft Enterprise Peopletools

303 CVEs product

Monthly

CVE-2026-35273 CRITICAL POC KEV THREAT NEWS Emergency

Remote takeover of Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 is possible through the Updates Environment Management component via unauthenticated HTTP requests. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network-based exploitation against any internet- or intranet-exposed instance, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but Oracle's 'easily exploitable' language and the unauthenticated nature make this a high-priority patching target.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2026-21951 MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 is affected by cross-site scripting (xss) (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21938 MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21934 MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 5.4).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-30697 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21545 HIGH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21530 MEDIUM Monitor

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-21255 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-21214 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-21180 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2024-21178 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-21158 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2024-21097 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-21070 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21065 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22080 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22014 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-21981 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-21916 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-21845 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21844 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-39407 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-21470 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21458 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-21456 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24729 LIB HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-24728 LIB MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-21824 HIGH PATCH This Week

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js Mysql Cluster Mysql Connectors +8
NVD
CVSS 3.1
8.2
EPSS
21.5%
CVE-2021-43797 Maven MEDIUM PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Quarkus Oncommand Workflow Automation +15
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-41165 LIB MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Agile Product Lifecycle Management Application Express +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-41164 npm MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Banking Apis Banking Digital Experience +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-41184 LIB MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +23
NVD GitHub
CVSS 3.1
6.1
EPSS
44.5%
CVE-2021-41183 LIB MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +24
NVD GitHub
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-41182 LIB MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H500s Firmware H700s Firmware +25
NVD GitHub
CVSS 3.1
6.1
EPSS
42.2%
CVE-2021-35609 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-35595 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Business Interlink). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35568 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37137 Maven HIGH PATCH This Week

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Banking Apis Banking Digital Experience Commerce Guided Search +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2021-37136 Maven HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus Banking Apis Banking Digital Experience +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-40690 Maven HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java Santuario Xml Security For Java Cxf +16
NVD
CVSS 3.1
7.5
EPSS
11.2%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-37714 Maven HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup Quarkus Banking Trade Finance +13
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2021-22940 HIGH PATCH This Week

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption Use After Free Node.js +7
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2021-22939 MEDIUM POC PATCH THREAT This Month

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Node Js Graalvm Jd Edwards Enterpriseone Tools +5
NVD
CVSS 3.1
5.3
EPSS
14.7%
CVE-2021-22931 CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js Node Js Active Iq Unified Manager +8
NVD
CVSS 3.1
9.8
EPSS
22.0%
CVE-2021-37695 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux Fedora Application Express +8
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-32809 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor Fedora Application Express +7
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-32808 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora Application Express Banking Party Management +9
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-2407 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-2377 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-36090 Maven HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis Banking Digital Experience Banking Enterprise Default Management +30
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2021-35517 Maven HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Apis +23
NVD
CVSS 3.1
7.5
EPSS
10.6%
CVE-2021-35516 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +20
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2021-35515 Maven HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +22
NVD
CVSS 3.1
7.5
EPSS
11.6%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-3518 Ruby HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libxml2 Debian Linux +16
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-3537 Ruby MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 Jboss Core Services Enterprise Linux +16
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2021-2219 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2021-2216 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-21345 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.9
EPSS
72.3%
CVE-2021-27906 Maven MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox Fedora Banking Corporate Lending Process Management +16
NVD
CVSS 3.1
5.5
EPSS
3.3%
CVE-2021-28363 PyPI MEDIUM PATCH This Month

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 Fedora Peoplesoft Enterprise Peopletools
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-22884 HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js Fedora Active Iq Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
32.4%
CVE-2021-22883 HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora E Series Performance Analyzer +6
NVD
CVSS 3.1
7.5
EPSS
77.4%
CVE-2021-27568 Maven MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 Communications Cloud Native Core Policy Oss Support Tools +3
NVD GitHub
CVSS 3.1
5.9
EPSS
2.9%
CVE-2021-23841 Cargo MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Nessus Network Monitor +20
NVD
CVSS 3.1
5.9
EPSS
7.5%
CVE-2021-23337 LIB HIGH POC PATCH THREAT This Week

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection Lodash Banking Corporate Lending Process Management +21
NVD GitHub
CVSS 3.1
7.2
EPSS
22.4%
CVE-2021-2071 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Oracle Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-2063 HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2021-2043 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-23926 Maven CRITICAL PATCH Act Now

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmlbeans Oncommand Unified Manager Core Package Snap Creator Framework Snapmanager +3
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2020-28052 Maven HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-8908 Maven LOW POC PATCH Monitor

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Google Java Information Disclosure Guava Quarkus +11
NVD GitHub
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-13956 Maven MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient Quarkus Data Integrator +14
NVD
CVSS 3.1
5.3
EPSS
8.7%
CVE-2020-27193 npm MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm Application Express Banking Party Management +5
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-14847 LOW Monitor

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2020-14832 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
1.0%
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Remote takeover of Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 is possible through the Updates Environment Management component via unauthenticated HTTP requests. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network-based exploitation against any internet- or intranet-exposed instance, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but Oracle's 'easily exploitable' language and the unauthenticated nature make this a high-priority patching target.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 is affected by cross-site scripting (xss) (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 5.4).

Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Oracle +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Oracle Authentication Bypass +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Web Server). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Elastic Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Navigation Pages, Portal, Query). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +7
NVD GitHub
EPSS 22% CVSS 8.2
HIGH PATCH This Week

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Node Js +10
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty +17
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +8
NVD GitHub
EPSS 45% CVSS 6.1
MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora +25
NVD GitHub
EPSS 8% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +26
NVD GitHub
EPSS 42% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +27
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Business Interlink). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Banking Apis +10
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus +17
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Java +18
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

jsoup is a Java library for working with HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Jsoup +15
NVD GitHub
EPSS 14% CVSS 7.5
HIGH PATCH This Week

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption +9
NVD
EPSS 15% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Authentication Bypass Node Js +7
NVD
EPSS 22% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Node.js +10
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux +10
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor +9
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora +11
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 6% CVSS 3.7
LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +31
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 13% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis +32
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +25
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +22
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager +24
NVD
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +18
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 +18
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Multichannel Framework). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 72% CVSS 9.9
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Java +16
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.22 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox +18
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Urllib3 +2
NVD GitHub
EPSS 32% CVSS 7.5
HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js +12
NVD
EPSS 77% CVSS 7.5
HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js +8
NVD
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 +5
NVD GitHub
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +22
NVD
EPSS 22% CVSS 7.2
HIGH POC PATCH THREAT This Week

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Code Injection +23
NVD GitHub
EPSS 2% CVSS 8.1
HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Oracle Information Disclosure +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 6% CVSS 9.1
CRITICAL PATCH Act Now

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmlbeans Oncommand Unified Manager Core Package +5
NVD
EPSS 7% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java +19
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux +21
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Google Java Information Disclosure +13
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 9% CVSS 5.3
MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient +16
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm +7
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy