CVE-2026-10520
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
Oracle products account for the bulk of Thursday's critical disclosures, spanning WebLogic Server, Coherence, Solaris, WebCenter Enterprise Capture, and the Fusion Middleware Identity Manager Connector. The day brought 48 critical CVEs (up from 2 the prior day) and 90 high-priority CVEs (up from 26), reflecting a large batch of enterprise platform disclosures. Notable entries include CVE-2026-35292 (CVSS 10) and CVE-2026-35301 (CVSS 10) in Oracle WebLogic Server, CVE-2026-46978 (CVSS 10) in Oracle Solaris, and CVE-2026-46794 (CVSS 9.9) in the Oracle Fusion Middleware Identity Manager Connector. WordPress ecosystem plugins also feature prominently, with CVE-2025-69129 (CVSS 10) in the WooCommerce Scraper plugin and CVE-2026-25470 (CVSS 10) in the ACPT Custom Post Types plugin, alongside five vulnerabilities under active exploitation across Ivanti Sentry, Oracle PeopleSoft, Cisco Catalyst SD-WAN Manager, and others. No patches were recorded as available at disclosure time, so affected organizations should prioritize inventory and compensating controls while monitoring vendor advisories.
Immediate action: Prioritize Oracle WebLogic Server, Coherence, Solaris, and WebCenter Enterprise Capture deployments along with the affected WordPress plugins for review and isolation. With no patches yet available for these disclosures, apply network restrictions and access controls to exposed instances and patch the actively exploited Ivanti Sentry, Cisco Catalyst SD-WAN Manager, and Oracle PeopleSoft systems as vendor fixes are released.
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
An unauthenticated, easily exploitable vulnerability in the PeopleSoft Updates Environment Management component allows for complete system takeover via HTTP.
A symlink mishandling vulnerability in the LiteSpeed cPanel plugin allows users with limited access to escalate privileges on shared hosting environments.
An improper access control vulnerability in the Widget Factory Joomla Content Editor allows unauthorized users to perform restricted actions.
Cisco Catalyst SD-WAN Manager contains an arbitrary file write vulnerability in its web UI, allowing authenticated remote attackers to escalate privileges to root.
A critical vulnerability in the Generic Unix Connector of the Oracle Fusion Middleware Identity Manager allows for full component takeover by low-privileged attackers.
An unauthenticated arbitrary file upload vulnerability exists in the WordPress & WooCommerce Scraper Plugin, allowing attackers to upload malicious files.
A critical vulnerability in the Oracle Solaris Remote Administration Daemon allows unauthenticated attackers to modify or delete critical system data via HTTPS.
An improper code injection vulnerability in the ACPT (Pro) plugin for WordPress allows unauthenticated remote attackers to execute arbitrary code.
A critical, unauthenticated remote code execution vulnerability in the Oracle WebLogic Server Console allows complete system takeover.
An unauthenticated remote code execution vulnerability exists in the Oracle WebLogic Server Console component, allowing full system takeover via crafted HTTP requests.
A critical vulnerability in the Oracle Coherence core component allows unauthenticated attackers to compromise the application via network-accessible HTTP requests.
A critical flaw in the Oracle Coherence Centralized Third Party Jars component allows unauthenticated attackers to achieve full system compromise via network-accessible HTTP requests.
A critical vulnerability in the Oracle WebCenter Enterprise Capture Client Bundle allows unauthenticated remote attackers to compromise the system via RMI.
A critical vulnerability in the Oracle WebCenter Enterprise Capture Client Bundle allows unauthenticated remote attackers to compromise the system via RMI.
A critical, remotely exploitable vulnerability in Oracle WebCenter Sites allows unauthenticated attackers to fully compromise the application via HTTP.
An easily exploitable, unauthenticated vulnerability in Oracle WebCenter Sites allows for full remote system compromise via HTTP.
A critical security framework vulnerability in Oracle WebCenter Portal allows unauthenticated attackers to achieve full system takeover via HTTP.
A critical, unauthenticated remote exploit in Oracle WebCenter Portal's Security Framework allows for full system compromise.
A critical vulnerability in Oracle WebLogic Server allows low-privileged attackers to gain full system control via HTTP.
A critical vulnerability in Oracle Fusion Middleware Identity Manager allows low-privileged attackers to achieve a full system takeover via T3 or IIOP protocols.
A critical vulnerability in Oracle WebCenter Enterprise Capture allows low-privileged attackers to gain full control of the application via T3 or IIOP network protocols.
A critical vulnerability in the Oracle WebCenter Enterprise Capture Client Bundle allows low-privileged attackers to compromise the system via T3 or IIOP protocols.
A critical vulnerability in the Oracle WebCenter Enterprise Capture Client Bundle allows low-privileged attackers to compromise the system via T3 or IIOP protocols.
A critical vulnerability in the Oracle WebCenter Enterprise Capture Client Bundle allows low-privileged attackers to compromise the system via T3 or IIOP protocols.
A critical vulnerability in Oracle WebCenter Enterprise Capture allows a low-privileged, network-adjacent attacker to achieve full system takeover via T3 or IIOP protocols.
A critical vulnerability in Oracle WebCenter Enterprise Capture allows a low-privileged, network-adjacent attacker to achieve full system takeover via T3 or IIOP protocols.
A critical vulnerability in the Oracle Identity Manager Connector enables a low-privileged, network-adjacent attacker to achieve full system takeover via HTTP.
A critical vulnerability in the Oracle Access Manager authentication engine allows a low-privileged, network-adjacent attacker to achieve full system takeover via HTTP.
A critical vulnerability in the Oracle WebCenter Content server allows a low-privileged, network-adjacent attacker to achieve full system takeover via HTTP.
A critical vulnerability in Oracle WebCenter Content allows a low-privileged attacker to achieve full system takeover via network-based HTTP exploitation.
A critical vulnerability in Oracle WebCenter Content allows a low-privileged attacker to achieve full system takeover via network-based HTTP exploitation.
A critical vulnerability in Oracle WebCenter Portal's Composer component allows a low-privileged attacker to achieve full system takeover via HTTP.
A critical vulnerability in Oracle WebCenter Portal's Composer component allows a low-privileged attacker to achieve full system takeover via HTTP.
A critical vulnerability in Oracle WebCenter Enterprise Capture allows a low-privileged attacker to achieve full system takeover via T3 protocol exploitation.
A critical vulnerability in Oracle WebCenter Enterprise Capture allows a low-privileged, network-based attacker to achieve full system takeover via the Client Bundle component.
A critical vulnerability in the Identity Manager Connector (Generic Unix Connector) allows a low-privileged, network-based attacker to achieve full system takeover.
A critical vulnerability in the Identity Manager Connector (Database User component) allows a low-privileged, network-based attacker to achieve full system takeover.
A critical vulnerability in the Oracle WebCenter Portal Security Framework allows a low-privileged, network-based attacker to achieve full system takeover.
A critical vulnerability in the Oracle WebCenter Portal Security Framework allows a low-privileged, network-based attacker to achieve full system takeover.
A critical vulnerability in the Oracle Enterprise Manager Discovery Framework allows low-privileged network attackers to achieve full platform compromise.
A critical flaw in the Oracle WebCenter Portal Security Framework allows low-privileged attackers to compromise the application and potentially impact dependent systems.
A critical vulnerability in the Oracle WebCenter Portal Security Framework permits low-privileged attackers to perform a full system takeover.
A critical vulnerability in the Oracle WebCenter Portal Runtime Tools allows low-privileged attackers to gain full control of the application.
A vulnerability in the MySQL Shell for VS Code extension allows a low-privileged attacker to compromise the shell environment via network-accessible HTTP requests.
A critical vulnerability in the Oracle Enterprise Manager Metadata Plugin allows low-privileged attackers to compromise the platform.
A critical vulnerability in the Target Management component of Oracle Enterprise Manager allows low-privileged attackers to achieve complete platform takeover via HTTP.
A critical vulnerability in the Metadata Plugin of Oracle Enterprise Manager allows low-privileged attackers to achieve full platform takeover via HTTPS.
A critical vulnerability in the E1 Foundation of Oracle JD Edwards EnterpriseOne allows low-privileged attackers to compromise the General Ledger via SMB.
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to achieve full platform takeover via HTTP.
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to perform unauthorized data modifications and denial of service.
A security bypass in the picklescan library allows attackers to resolve dangerous functions through indirect calls, leading to remote code execution.
A Zip Slip vulnerability in the Streambert desktop application allows attackers to perform path traversal and write arbitrary files to the host filesystem.
The Entrepreneur Booking WordPress theme is vulnerable to PHP Object Injection, allowing low-privileged authenticated users to execute arbitrary code.
A Use-After-Free (UAF) vulnerability in Google Chrome's Digital Credentials component allows for potential remote code execution or system instability.
A use-after-free vulnerability exists in the File Input component of Google Chrome on Linux, potentially allowing for arbitrary code execution.
A use-after-free vulnerability in the password management component of Google Chrome on Android may lead to unauthorized access or system instability.
A use-after-free vulnerability in the Web Authentication component of Google Chrome allows potential attackers to compromise browser security.
A heap buffer overflow vulnerability in the WebRTC component of Google Chrome could lead to remote code execution.
A use-after-free vulnerability in the Downloads component of Google Chrome on Android allows potential memory corruption and system instability.
A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome on Windows, potentially allowing for arbitrary code execution.
The Events Schedule plugin for WordPress contains a SQL injection vulnerability that allows authenticated subscribers to extract sensitive database information.
The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is susceptible to Remote Code Execution due to insufficient input validation.
An unspecified vulnerability exists in the Console component of Oracle WebLogic Server, which may allow for unauthorized access or system impact.
A security vulnerability in the Identity Manager component of Oracle Fusion Middleware could be exploited to compromise identity management processes.
A vulnerability in the REST WebServices component of Oracle Identity Manager may allow for unauthorized manipulation of API-based identity services.
An unspecified vulnerability in the Console component of Oracle WebLogic Server could allow for unauthorized system impact or control.
A vulnerability exists in the Oracle Fusion Middleware WebLogic Server Console component that allows low-privileged network-based attackers to compromise the server.
A vulnerability in the Core component of Oracle Fusion Middleware WebLogic Server allows low-privileged attackers to compromise the application.
A vulnerability in the Content Server component of Oracle WebCenter Content allows low-privileged attackers to compromise the application.
A vulnerability in the Content Server component of Oracle WebCenter Content allows low-privileged attackers to compromise the application.
A vulnerability in the Oracle WebCenter Sites component allows low-privileged attackers to compromise the application.
A high-severity vulnerability exists within the Content Server component of Oracle WebCenter Content that may allow for unauthorized system interaction.
A high-severity security vulnerability exists within the Content Server component of Oracle WebCenter Content that may impact system security.
A high-severity vulnerability has been identified in the Content Server component of Oracle WebCenter Content, requiring immediate remediation.
A high-severity vulnerability exists within the Core component of Oracle WebCenter Content: Imaging that could lead to unauthorized system access.
A high-severity vulnerability in the Agent Next Gen component of Oracle Enterprise Manager Base Platform could allow for unauthorized system interaction.
A high-severity vulnerability exists within the EAI component of Oracle Siebel CRM, potentially allowing for unauthorized system interaction.
A vulnerability in the Marketing component of Oracle Siebel CRM could potentially be leveraged by an attacker to compromise application integrity.
A security vulnerability in the Business Logic Infrastructure of Oracle JD Edwards EnterpriseOne Tools could allow for unauthorized system manipulation.
A vulnerability within the Quality Management Specs component of Oracle E-Business Suite could lead to unauthorized system impacts.
A vulnerability in the Siebel Cloud Manager component of Oracle Siebel CRM could allow an attacker to disrupt or compromise cloud-based application management.
A vulnerability exists in the Siebel Cloud Manager component of Oracle Siebel CRM that may allow unauthorized access or impact system integrity.
A security flaw has been identified in the Spares Management component of Oracle E-Business Suite that could be exploited to compromise internal operations.
A vulnerability in the Cost Management component of Oracle E-Business Suite could allow for unauthorized manipulation of cost planning data.
A security vulnerability in the Enterprise Asset Management component of Oracle E-Business Suite could allow for unauthorized internal operational changes.
A vulnerability in the iSetup product of Oracle E-Business Suite could allow for unauthorized data transformation or reporting manipulation.
A high-severity vulnerability exists within the Cost Planning component of Oracle E-Business Suite’s Cost Management product.
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Process Manufacturing Process Planning product.
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Advanced Outbound Telephony product.
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Advanced Outbound Telephony product.
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Quality product.
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Quality product.
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Project Portfolio Analysis product.
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Project Portfolio Analysis product.
A high-severity vulnerability exists within the Work Provider Site Level Administration component of the Oracle E-Business Suite Universal Work Queue.
A high-severity vulnerability exists within the Authorization component of the Oracle E-Business Suite Public Sector Financials (International) product.
A vulnerability exists in the Internal Operations component of Oracle Outsourced Mfg for Discrete Industries within the Oracle E-Business Suite.
A vulnerability exists in the Internal Operations component of Oracle Outsourced Mfg for Discrete Industries within the Oracle E-Business Suite.
A PHP object injection vulnerability exists in the Avada theme, allowing authenticated contributors to execute arbitrary code.
An inappropriate implementation vulnerability exists in the WebView component of Google Chrome on Android versions prior to 149.
An unauthenticated Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Dating Theme, potentially allowing unauthorized state-changing actions.
A vulnerability exists in the Console component of the WebLogic Server product within Oracle Fusion Middleware.
A vulnerability exists in the WebLogic component of Oracle PeopleSoft Enterprise PT PeopleTools.
A security vulnerability exists within the Content Server component of Oracle WebCenter Content, potentially allowing for unauthorized system impact.
A security flaw has been identified in the Content Server component of Oracle WebCenter Content, requiring urgent attention to prevent unauthorized access.
A vulnerability in the OUD Core component of Oracle Unified Directory may allow for unauthorized system impact.
An unauthenticated broken access control vulnerability in the WordPress Dating Theme allows unauthorized users to access restricted functions or data.
A high-severity vulnerability exists in the MySQL Shell component for VS Code, potentially allowing unauthorized access or impact to the development environment.
A vulnerability within the Production component of Oracle Complex Maintenance, Repair and Overhaul poses a risk to system integrity.
A memory-related vulnerability exists within the `mfc_core_get_dec_metadata_sei_nal` function of the Samsung MFC core, potentially allowing for system-level impact.
The Contest Gallery WordPress plugin is vulnerable to privilege escalation, allowing authenticated attackers to elevate their access level within the application.
A memory-related vulnerability exists within the `__mfc_core_nal_q_get_dec_metadata_sei_nal` function of the MFC (Multi-Function Codec) core, potentially allowing for memory corruption.
A vulnerability in the `ParsePayloads` function of the `AudioSdpParser` component could allow for improper handling of SDP payloads.
The E2Pdf – Export Pdf Tool for WordPress plugin is vulnerable to a missing authorization flaw, potentially exposing sensitive PDF generation functions to unauthorized users.
Citrix Cloud contains an authorization flaw where read-only accounts can initiate sensitive workflow processes, leading to unauthorized write operations.
Dell PowerFlex Manager is affected by a missing authentication vulnerability that allows unauthenticated attackers to perform critical functions.
A critical security vulnerability has been identified in the Cotonti content management system, requiring immediate attention to prevent potential system compromise.
A subscriber-level SQL Injection vulnerability exists in the WooCommerce Frontend Manager – Ultimate plugin, allowing for potential database manipulation.
A broken authentication vulnerability exists in PowerPack Pro for Elementor, allowing unauthenticated attackers to bypass security controls.
A heap-based buffer overflow vulnerability in the modem firmware allows for a possible out-of-bounds write, potentially leading to code execution.
A heap-based buffer overflow in `RtpSession::rtpSendRtcpPacket` allows for an out-of-bounds write, potentially enabling remote code execution.
A privilege escalation vulnerability in the Sonaar plugin allows authenticated subscribers to perform unauthorized actions with elevated permissions.
A privilege escalation vulnerability in the Genemy plugin allows authenticated subscribers to gain unauthorized elevated permissions.
A privilege escalation vulnerability in the Falang multilanguage plugin allows authenticated subscribers to gain unauthorized elevated permissions.
A stack-based buffer overflow exists in the raw_to_header() function of the microtar library, which may allow arbitrary code execution.
A SQL injection vulnerability in the Geo Mashup plugin allows authenticated subscribers to execute arbitrary database commands.
A blind SQL injection vulnerability in the wpWax Directorist Booking plugin allows authenticated users to exfiltrate database information.
A SQL injection vulnerability in the Cornerstone page builder allows authenticated subscribers to manipulate database queries.
A blind SQL injection vulnerability in the Brainstorm Force SureDash plugin allows authenticated users to perform unauthorized database queries.
A blind SQL injection vulnerability in the VeronaLabs Slimstat Analytics plugin allows authenticated users to extract database information.
A missing bounds check in the Modem firmware leads to a potential out-of-bounds write vulnerability.
Multiple functions within the VideoRtpPayloadDecoderNode component are susceptible to memory-related vulnerabilities.
A vulnerability in the IntfGraphCreate function within the intfgraph component may lead to critical memory corruption.
A memory corruption flaw in the Modem firmware allows for a device crash when processing a malicious SIP REFER request.
The DecodeT140 function in the TextRtpPayloadDecoderNode is vulnerable to memory corruption due to improper processing.
A memory safety vulnerability exists in the RtpSession component of the Android telephony stack, specifically within the numberOfReportBlocks function.
A missing bounds check in the device modem firmware allows for an out-of-bounds write, potentially leading to memory corruption.
PickleScan contains an unspecified vulnerability prior to version 0.
Car Zone versions 3 and earlier are vulnerable to unauthenticated arbitrary file deletion.
BookPro versions 1 and earlier contain an unauthenticated arbitrary file deletion vulnerability.
The EMV JobCareer software contains a path traversal vulnerability due to improper limitation of a pathname to a restricted directory.
Cornerstone versions prior to 7 allow arbitrary code execution for authenticated subscribers.