32 matches found
CVE-2025-12626
creationtimestamp | type | source
---|---|---
2025-11-03 13:42:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4q5lu6ncn2k...
CVE-2024-12626
The CVE-2024-12626 entry concerns the WordPress plugin AutomatorWP (Automator plugin) versions up to and including 5.0.9. A Reflected Cross-Site Scripting (XSS) flaw exists in the a-0-o-search_field_value parameter due to insufficient input sanitization and output escaping, allowing unauthenticat...
CVE-2017-12626
creationtimestamp | type | source
---|---|---
2024-01-09 10:06:53+00:00 | seen | https://t.me/ctinow/164895
2024-01-09 10:36:47+00:00 | seen | https://t.me/ctinow/164918
2024-01-09 10:36:48+00:00 | seen | https://t.me/ctinow/164919
2024-01-09 10:36:49+00:00 | seen | https://t.me/ctinow/164920
2024-01-09...
Security Bulletin: Vulnerabilities found in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center [CVE-2017-12626 and X-Force ID: 220800]
Summary Multiple vulnerabilities have been identified in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published which addressed the applicable CVE 2017-1262 and X-Force ID: 2208...
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for X-Force ID 220800 and CVE-2017-12626
Summary Due to flaws in Apache POI, IBM® Engineering System Design Rhapsody is vulnerable to arbitrary code execution X-Force ID 220800 and denial of service CVE-2017-12626. Both vulnerabilities are fixed in v9.0.1 iFix005. Vulnerability Details CVEID:CVE-2017-12626 DESCRIPTION: Apache POI is...
Dell PowerScale OneFS Log Information Disclosure Vulnerability (CNVD-2023-12626)
Dell PowerScale OneFS is a Dell PowerScale OneFS operating system that provides scale-out NAS. Dell PowerScale OneFS is vulnerable to a log information disclosure vulnerability that could be exploited by a low-privilege attacker with read log privileges from the cluster to cause information...
Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM, Rational...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), at.iem:sysson_2.10 (=1.12.0) +2528 more potentially affected by CVE-2017-12626 via org.apache.poi:poi (>=3.0-FINAL <=3.16-beta2)
org.apache.poi:poi MAVEN version =3.0-FINAL, =1.3, =1.10.2, =1.13.0, =1.0.1, =0.0.1, =1.1.8, =2.23.5, =2.23.5, =19.1.0, =2.23.5, =18.12.0 and more Source cves: CVE-2017-12626 Source advisory: OSV:GHSA-523C-XH4G-MH5M...
Security Bulletin: Apache Poi as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)
Summary Apache Poi as used by IBM QRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by tool...
Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System
Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...
Roundcube Webmail < 1.2.10, 1.3.x < 1.3.11, 1.4.x < 1.4.4 Multiple Vulnerabilities
Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail"; if...
CVE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
CVE-2020-12626
Roundcube Webmail (Roundcube Webmail) CVE-2020-12626 is a CSRF vulnerability where an attacker can cause an authenticated user to be logged out by abusing POST requests. The issue arises from incorrect handling of login/logout POSTs and is documented across multiple connected sources, including D...
CVE-2020-12626
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered...
Security Bulletin: A security vulnerability has been identified in the Apache POI, which is vulnerable to Denial of Service. (CVE-2017-12626, CVE-2017-5644)
Summary The Apache POI has security vulnerability to exploit the application through denial of service. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details IBM Rational Asset Manager bundles Apache POI, which is used to set custom attribut...
Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626)
Summary IBM SPSS Statistics has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuadin...
Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...
Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file re...
CVE-2019-12626
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability...
CVE-2019-12626
CVE-2019-12626 concerns Cisco Unified Contact Center Express (Unified CCX) and its web-based management interface. The issue is a stored cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, exploitable when an authenticated attacker entices an adminis...