Open Redirect

Overview microsoft-kiota-http is a python HTTP implementation with HTTPX library. Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a...

WordPress ProSolution WP Client plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload via proSol_fileUploadProcess vulnerability

Unauthenticated Arbitrary File Upload via proSolfileUploadProcess vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin ProSolution WP Client versions = 1.9.9...

IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

WordPress plugin ProSolution WP Client 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2025-66484

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-66486

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2025-66483

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

EUVD-2025-209178

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

EUVD-2025-209184

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2025-66487

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service...

CVE-2025-66487

IBM Aspera Shares (1.9.9–1.11.0) is affected by CVE-2025-66487 due to insufficient rate limiting on authenticated users sending emails, which could enable email flooding or a denial of service. The IBM bulletin lists this CVE among multiple fixes addressed in version 1.11.1. The remediation is to...

CVE-2025-66486

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVE-2025-66486

IBM Aspera Shares is affected by CVE-2025-66486, an HTML injection (XSS) vulnerability in the web UI. The bulletin lists affected versions 1.9.9 through 1.11.0, with remediation via IBM Aspera Shares 1.11.1 (Windows and Linux). Impact is web-based code execution within the hosting site’s context ...

CVE-2025-66485

CVE-2025-66485 is an HTTP header injection vulnerability in IBM Aspera Shares (versions 1.9.9–1.11.0). The Root Cause is improper validation of HOST header input, enabling attackers to craft requests that may lead to cross-site scripting, cache poisoning, or session hijacking. IBM has addressed t...

CVE-2025-66484

Summary : IBM Aspera Shares is reported vulnerable to stored cross-site scripting (CWE-79) in the Web UI. Affected product/versions : IBM Aspera Shares 1.9.9–1.11.0. Impact : Web UI could be exploited to embed arbitrary JavaScript code, potentially leading to credentials disclosure within a trust...

CVE-2025-66484 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

EUVD-2025-209172

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13916

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2025-13916 Multiple vulnerabilities have been addressed in IBM Aspera Shares

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

IBM Aspera Shares 加密问题漏洞

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...