Aggregator

A vulnerability labeled as critical has been found in Oracle Retail Bulk Data Integration 15.0.3.0/16.0.3.0. This impacts an unknown function of the component BDI Job Scheduler. Executing a manipulation can lead to information disclosure. This vulnerability appears as CVE-2020-9488. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Oracle Retail Integration Bus 14.1/15.0/16.0. Affected is an unknown function of the component RIB Kernal. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2020-9488. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Oracle Retail Order Broker up to 19.3. Affected by this vulnerability is an unknown functionality of the component Store Connect. The manipulation results in information disclosure. This vulnerability is known as CVE-2020-9488. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Oracle Retail Predictive Application Server 14.1.3.0/15.0.3.0/16.0.3.0. Affected by this issue is some unknown functionality of the component RPAS Fusion Client. This manipulation causes information disclosure. This vulnerability is handled as CVE-2020-9488. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Utilities Framework up to 4.4.0.2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Common. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2020-9488. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in Oracle Data Integrator 12.2.1.3.0/12.2.1.4.0. Affected is an unknown function of the component Install/config/upgrade. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2020-9488. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Oracle GoldenGate Application Adapters 19.1.0.0.0. Affected by this vulnerability is an unknown functionality of the component Application Adapters. Performing a manipulation results in information disclosure. This vulnerability was named CVE-2020-9488. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0/19.0. This vulnerability affects unknown code of the component Promotions. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2020-9488. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in code-projects Visitor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /vms/php/phone_0.php. This manipulation of the argument phone causes sql injection. This vulnerability appears as CVE-2026-10170. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. It has been declared as problematic. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot Password Endpoint. The manipulation of the argument email results in weak password recovery. This vulnerability is reported as CVE-2026-10169. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. It has been classified as critical. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control of resource identifiers. This vulnerability is documented as CVE-2026-10168. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 and classified as critical. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. This vulnerability is registered as CVE-2026-10167. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Submit #819186 / VDB-367424

A vulnerability has been found in zephyrproject-rtos Zephyr up to 4.3 and classified as problematic. This affects the function socketcan_frame. Performing a manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2026-5071. The attack must be initiated from a local position. There is no exploit available.

Submit #819395 / VDB-367423

Submit #819161 / VDB-367422

Submit #819157 / VDB-367421

Attackers are texting Signal users posing as Support, asking for backup recovery keys. Once obtained, they can decrypt the entire message history, not just future chats. A phishing campaign is currently targeting Signal users with text messages that impersonate Signal Support and ask them to hand over their backup recovery key. The message looks urgent, […]

Эндрю Келли рассказал, куда на самом деле спешит Zig.

Matrix 首页推荐Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。文章代表作者