17 matches found

Positive Technologies
added 2026/05/04 12:0 a.m. · 2 views

PT-2026-36738

Name of the Vulnerable Software and Affected Versions: GeoVision GV-VMS V20 version 20.0.2. Description: A stack overflow in the WebCam Server Login functionality allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted HTTP request. Recommendations: At the moment,...

9.8 CVSS · 6.2 AI score · 0.00171 EPSS
Exploits 0 · References 9
NVD
added 2025/11/26 7:15 p.m. · 1 view

CVE-2025-65681

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

3.3 CVSS · 0.00005 EPSS
Exploits 0 · References 3
NVD
added 2025/10/15 6:15 p.m. · 5 views

CVE-2025-62410

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads ...

9.4 CVSS · 0.00137 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/15 5:16 p.m. · 9 views

CVE-2025-62410 --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads ...

9.4 CVSS · 0.00137 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/10/15 5:16 p.m. · 5 views

CVE-2025-62410 --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads ...

9.4 CVSS · 6.4 AI score · 0.00137 EPSS
Exploits 0 · References 2
OSV
added 2025/10/15 5:16 p.m. · 3 views

CVE-2025-62410 --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads ...

9.4 CVSS · 6.8 AI score · 0.00137 EPSS
Exploits 0 · References 4
CVE
added 2024/03/05 6:55 p.m. · 70 views

CVE-2023-35899

CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...

9.8 CVSS · 7.2 AI score · 0.00089 EPSS
Exploits 0 · References 2 · Affected Software 1
Amazon
added 2024/01/09 12:0 a.m. · 41 views

Medium: java-1.8.0-openjdk

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3 CVSS · 5 AI score · 0.00172 EPSS
Exploits 0
OpenVAS
added 2023/10/19 12:0 a.m. · 12 views

Oracle Java SE Security Update (oct2023) 03 - Linux

Oracle Java SE is prone to an unspecified vulnerability.

5.3 CVSS · 6 AI score · 0.00098 EPSS
Exploits 0 · References 1
Kaspersky
added 2023/10/17 12:0 a.m. · 28 views

KLA61443 Multiple vulnerabilities in Oracle Java SE and GraalVM

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Code execution vulnerability in CORBA can be exploited to execute arbitrary code...

5.3 CVSS · 7.8 AI score · 0.00172 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/08/14 12:0 a.m. · 3 views

Fedora 37 : java-latest-openjdk-portable (2023-020d609edb)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-020d609edb advisory. Update to jdk-20.0.2+9. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

5.6 AI score
Exploits 0 · References 1
CNNVD
added 2021/02/06 12:0 a.m. · 2 views

IBM Cloud Pak for Automation log information disclosure vulnerability

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

6.5 CVSS · 6.6 AI score · 0.00236 EPSS
Exploits 0 · References 4
CNNVD
added 2021/02/03 12:0 a.m. · 2 views

Nextcloud cross-site scripting vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A cross-site scripting vulnerability exists in versions prior to Nextcloud Server 20.0.2, 19.0.5, and 18.0.11. The vulnerability stems from a lack of link...

5.4 CVSS · 5.9 AI score · 0.00391 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/01/26 12:0 a.m. · 2 views

PT-2021-12722 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.2; Nextcloud Server versions prior to 19.0.5; Nextcloud Server versions prior to 18.0.11. Description: A missing input validation in Nextcloud Server allows users to store unlimited data in workflow rules,...

10 CVSS · 6 AI score · 0.03114 EPSS
Exploits 3 · References 83
IBM Security Bulletins
added 2020/12/18 7:4 a.m. · 23 views

Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4794

Summary: The optional component Process Federation Server that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to an information disclosure and denial of service attack. Vulnerability Details: CVEID: CVE-2020-4794 DESCRIPTION: IBM Process Federation...

5.5 CVSS · 0.8 AI score · 0.00128 EPSS
Exploits 0 · Affected Software 4
NVD
added 2020/08/20 1:17 a.m. · 16 views

CVE-2020-15151

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the fromkey protection in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2...

8 CVSS · 5.3 AI score · 0.00088 EPSS
Exploits 0 · References 3
Positive Technologies
added 2020/08/19 12:0 a.m. · 3 views

PT-2020-14229 · Openmage · Openmage

Name of the Vulnerable Software and Affected Versions: OpenMage versions prior to 19.4.6; OpenMage versions prior to 20.0.2. Description: This issue allows attackers to circumvent the fromkey protection in the Admin Interface, increasing the attack surface for Cross Site Request Forgery attacks...

8 CVSS · 7.7 AI score · 0.00088 EPSS
Exploits 0 · References 9