Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Retail Xstore Point of Service 7.0/7.1. This affects an unknown part of the component Xenvironment. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2018-1000180. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Convergence 3.0.2. This vulnerability affects unknown code of the component Bouncy Castle Java Library. Such manipulation leads to risky cryptographic algorithm. This vulnerability is listed as CVE-2018-1000180. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Oracle WebCenter Portal 11.1.1.9.0/12.2.1.3.0. This impacts an unknown function of the component AntiSamy. Executing manipulation can lead to risky cryptographic algorithm. This vulnerability is handled as CVE-2018-1000180. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Oracle WebLogic Server 12.2.1.3. Affected is an unknown function of the component AntiSamy. The manipulation leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2018-1000180. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Oracle Retail Convenience and Fuel POS Software 2.8.1. This impacts an unknown function of the component Bouncy Castle Java Library. The manipulation leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2018-1000180. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as critical was found in Oracle Communications Application Session Controller 3.7.1/3.8.0. This affects an unknown function of the component Bouncy Castle Java Library. Executing manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2018-1000180. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Oracle Business Transaction Management 12.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Bouncy Castle Java Library. Performing manipulation results in information disclosure. This vulnerability was named CVE-2018-1000180. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Oracle Enterprise Repository 12.1.3.0.0. This affects an unknown function of the component OpenSSL. Executing manipulation can lead to risky cryptographic algorithm. The identification of this vulnerability is CVE-2018-1000180. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

从调试到虚拟机，一课打通逆向全链路！

看雪论坛作者ID：之健

A vulnerability was found in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. It has been declared as critical. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-10392. The attack can be executed remotely. Additionally, an exploit exists. Applying restrictive firewalling is recommended.

A vulnerability was found in CRMEB up to 5.6.1. It has been classified as critical. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. This vulnerability is referenced as CVE-2025-10391. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in CRMEB up to 5.6.1 and classified as critical. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The identification of this vulnerability is CVE-2025-10390. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in CRMEB up to 5.6.1 and classified as critical. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. This vulnerability was named CVE-2025-10389. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #644596 / VDB-323827

Submit #644582 / VDB-323826

Submit #644578 / VDB-323825

Submit #644543 / VDB-323824

A vulnerability, which was classified as problematic, was found in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-10388. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.