16 matches found
PT-2026-38818
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...
CVE-2023-43743
A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to th...
CVE-2025-67513
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...
CVE-2025-67513 FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...
CVE-2025-67513 FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...
Bundled JRE in Bitbucket 8.16+ is vulnerable to OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20919
Issue Summary: Bitbucket 8.16 and above bundles OpenJDK 17.0.9, which is vulnerable as per the OpenJDK advisory (https://openjdk.org/groups/vulnerability/advisories/2024-01-16). The recommendation is to update Java to a version greater than 17.0.9, such as 17.0.10. - A vulnerability that allows an...
PT-2024-3723 · Oracle +1 · Oracle Graalvm Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9. Description: The issue is related to insufficient protection of internal data in the Compiler component of Oracle GraalVM for JDK a...
PT-2023-28963 · Zultys · Mx30 +5
Name of the Vulnerable Software and Affected Versions: Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 versions prior to 17.0.10 patch 17161 and 16.04 patch 16109. Description: A SQL injection issue allows an authenticated attacker to execute arbitrary SQL queries on the backend database...
CVE-2021-31405
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
Design/Logic Flaw
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
Nextcloud Server File Block Overwrite Vulnerability (NC-SA-2020-038)
Nextcloud Server is prone to a vulnerability where Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and...
RedHat Update for thunderbird RHSA-2013:1480-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox ESR Multiple Vulnerabilities-02 (Nov 2013) - Windows
Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Oracle Linux 5 / 6 : thunderbird (ELSA-2013-1480)
The remote Oracle Linux 5 / 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2013-1480 advisory. 17.0.10-1.0.1.el64 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 17.0.10-1 - Update to 17.0.10 ESR Tenabl...
firefox security update
firefox 17.0.10-1.0.1.el64 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 17.0.10-1 - Update to 17.0.10 ESR xulrunner 17.0.10-1.0.1.el64 - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNERVERSION from SOURCE21...
Visual Studio 2022 version 17.0.10 update
This security update applies to all editions of Visual Studio 2022, and will update client machines on the LTSC channel to version 17.0.10. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update t...