| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in the JD Edwards EnterpriseOne General Ledger product of Oracle JD Edwards (component: E1 Foundation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise JD Edwards EnterpriseOne General Ledger. While the vulnerability is in JD Edwards EnterpriseOne General Ledger, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne General Ledger. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
| Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions. |
| Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions. |
| Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. |
| The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration. |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. While the vulnerability is in Oracle Coherence, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data as well as unauthorized update, insert or delete access to some of Oracle Coherence accessible data. CVSS 3.1 Base Score 9.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N). |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a information disclosure. This issue affects Regesta Smart HD-PLC - TLDPH16D2:
11.02.05.10.02. |
| An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the vulnerable software could, introduce arbitrary JavaScript by injecting a Cross-site Scripting (XSS) payload into the 'Hostname' field of the configuration file resulting in a XSS in the path /upgrade/query.php?cmd=p+3%3Bversion. This issue affects Regesta Smart HD-PLC - TLDPH16D2:
11.02.05.10.02. |
| Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 versions. |
| Unauthenticated Local File Inclusion in Kastell <= 2.0 versions. |
| Unauthenticated PHP Object Injection in Moderno < 1.43 versions. |
| Unauthenticated PHP Object Injection in Château <= 1.2.1 versions. |
| Unauthenticated PHP Object Injection in Zoya <= 1.4 versions. |
| Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions. |
| Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions. |
| Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions. |
| Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. |
| Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions. |
