Aggregator

CVE-2022-25647 | Oracle Communications Performance Intelligence Center (PIC) Software Management denial of service (Nessus ID 235116)

Vuldb Updates
1 day 18 hours ago
A vulnerability, which was classified as critical, has been found in Oracle Communications Performance Intelligence Center (PIC) Software 10.4.0.4.1. This vulnerability affects unknown code of the component Management. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-25647. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access

Cyber Security News
1 day 18 hours ago

LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain root access on Linux hosting servers. The bug is tracked as CVE‑2026‑48172 and affects LiteSpeed cPanel user-end plugin versions from v2.3 up to, but not including, v2.4.5. 0‑Day in LiteSpeed cPanel […]

The post LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access appeared first on Cyber Security News.

Guru Baran

CVE-2026-28735 | Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0 Scope authorization

VulDB Recent Entries
1 day 18 hours ago
A vulnerability described as critical has been identified in Mattermost up to 10.11.14/11.4.4/11.5.3/11.6.0. This affects an unknown function. Executing a manipulation of the argument Scope can lead to incorrect authorization. This vulnerability is registered as CVE-2026-28735. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-28444 | baptisteArno typebot.io up to 3.15.x getResultLogs API Endpoint authorization

VulDB Recent Entries
1 day 18 hours ago
A vulnerability marked as problematic has been reported in baptisteArno typebot.io up to 3.15.x. The impacted element is an unknown function of the component getResultLogs API Endpoint. Performing a manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2026-28444. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-28445 | baptisteArno typebot.io up to 3.15.x RatingButton cross site scripting

VulDB Recent Entries
1 day 18 hours ago
A vulnerability labeled as problematic has been found in baptisteArno typebot.io up to 3.15.x. The affected element is an unknown function of the component RatingButton Component. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-28445. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2022-25647 | Oracle Financial Services Model Management and Governance Installer / Configuration denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability identified as critical has been detected in Oracle Financial Services Model Management and Governance 8.0.8.0/8.1.0.0/8.1.1.0. Affected is an unknown function of the component Installer / Configuration. This manipulation causes denial of service. This vulnerability is tracked as CVE-2022-25647. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2022-25647 | Oracle BI Publisher 5.9.0.0/6.4.0.0.0/12.2.1.3.0/12.2.1.4.0 Security denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability described as critical has been identified in Oracle BI Publisher 5.9.0.0/6.4.0.0.0/12.2.1.3.0/12.2.1.4.0. This affects an unknown function of the component Security. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2022-25647. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2022-25647 | Oracle Middleware Common Libraries and Tools 12.2.1.3.0/12.2.1.4.0 Thirdparty Patch denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability was found in Oracle Middleware Common Libraries and Tools 12.2.1.3.0/12.2.1.4.0. It has been classified as critical. This issue affects some unknown processing of the component Thirdparty Patch. Performing a manipulation results in denial of service. This vulnerability is known as CVE-2022-25647. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2022-25647 | Oracle Healthcare Master Person Index up to 5.0.3 Master Index denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability marked as critical has been reported in Oracle Healthcare Master Person Index up to 5.0.3. Impacted is an unknown function of the component Master Index. This manipulation causes denial of service. The identification of this vulnerability is CVE-2022-25647. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2022-25647 | Oracle Documaker Enterprise Edition 12.6/12.7 Development Tools denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability was found in Oracle Documaker Enterprise Edition 12.6/12.7. It has been classified as critical. This affects an unknown part of the component Development Tools. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2022-25647. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2022-25647 | Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59/8.60 Elastic Search denial of service (Nessus ID 235116)

Vuldb Updates
1 day 19 hours ago
A vulnerability marked as critical has been reported in Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59/8.60. This impacts an unknown function of the component Elastic Search. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-25647. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog

Cyber Security News
1 day 19 hours ago

 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation and urging organizations to remediate immediately. The flaw affects Langflow, a popular tool used for building and deploying AI-driven workflows. The issue stems from an origin validation error […]

The post CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

Abinaya

Deleted Google API Keys Continue Accessing Gemini, BigQuery, and Maps APIs

Cyber Security News
1 day 19 hours ago

A newly disclosed issue with Google Cloud API keys reveals that deleted credentials may remain usable for up to 23 minutes, exposing projects to potential abuse even after revocation. The finding raises concerns about delayed credential invalidation across Google’s infrastructure, particularly for sensitive services such as Gemini, BigQuery, and Google Maps APIs. According to Aikido […]

The post Deleted Google API Keys Continue Accessing Gemini, BigQuery, and Maps APIs appeared first on Cyber Security News.

Abinaya

Managed ad