21 matches found
Dolibarr ERP CRM Authorization Issues and Vulnerabilities
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.1 and earlier had an authorization issue. This vulnerability stems from an improper authorization in the CheckUserAccessToObject function within the Leave Request RES...
SUSE CVE-2026-25087
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
GHSA-RGXP-2HWP-JWGG Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
DEBIAN-CVE-2026-25087
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
CVE-2026-25087
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...
PT-2026-20319
Name of the Vulnerable Software and Affected Versions Apache Arrow C++ versions 15.0.0 through 23.0.0 Description A use-after-free issue exists in Apache Arrow C++ when reading an Arrow IPC file with pre-buffering enabled, if the file contains data with variadic buffers like Binary View and Strin...
CVE-2023-50947
IBM Business Automation Workflow (BBWA) is affected by CVE-2023-50947, a cross-site scripting vulnerability in the Web UI. The NVD/IBM sources indicate affected versions are 22.0.2, 23.0.1, and 23.0.2, with the issue allowing embedding of arbitrary JavaScript in the Web UI and potentially exposin...
PaperCut MF and PaperCut NG Security Vulnerabilities
PaperCut MF and PaperCut NG are both products of PaperCut Australia. PaperCut MF is a multifunctional printer control software. PaperCut NG is a next-generation printer control software...
Security Bulletin: A CVE-2023-21967 vulnerability in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Summary A vulnerability exists in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21967...
IBM Robotic Process Automation Code Issue Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A code issue vulnerability exists in IBM Robotic Process Automation versions...
Security Bulletin: IBM Robotic Process Automation is vulnerable to session tokens not being invalidated after password reset.
Summary IBM Robotic Process Automation session tokens are not invalidated after a password reset. IBM X-Force ID: 243710. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details IBM X-Force ID: 243710 DESCRIPTION: IBM Robotic Process Automation cou...
SUSE CVE-2022-24889
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surfac...
Nextcloud Server < 20.0.14.4, 21.x < 21.0.8, 22.x < 22.2.4, 23.x < 23.0.1 Control Character Filtering Vulnerability (GHSA-w3h6-p64h-q9jp)
Nextcloud Server is prone to a control character filtering vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...
Nextcloud Data Forgery Issue Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A data forgery issue vulnerability exists in Nextcloud Server versions prior to 21.0.8, 22.2.4, and 23.0.1. An attacker exploiting this vulnerability could...
CVE-2022-24741 High memory usage in Nextcloud server
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded...
PT-2022-16844 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 21.0.8 Nextcloud Server versions prior to 22.2.4 Nextcloud Server versions prior to 23.0.1 Description: The issue affects Nextcloud server, an open source, self-hosted cloud style services platform. An...
IceHrm Information Disclosure Vulnerability
IceHrm is a free and open source human resource management system from IceHrm Sri Lanka. The system supports leave management, time tracking and more. A security vulnerability exists in IceHrm version 23.0.1.OS. No details of the vulnerability are provided at this time...
CVE-2018-12420
IceHrm prior to version 23.0.1.OS is affected by a vulnerability related to risky handling of a hashed password in a request. The issue is described across multiple sources as a security exposure in IceHrm that could impact confidentiality (per CVSS) and is addressed by upgrading to 23.0.1.OS. Af...