33 matches found
Broadcom Symantec Data Loss Prevention Windows Endpoint Security Vulnerability
Broadcom Symantec Data Loss Prevention Windows Endpoint is an endpoint data leakage prevention security software developed by Broadcom Corporation. There is a security vulnerability in Broadcom Symantec Data Loss Prevention Windows Endpoint, which stems from a privilege escalation vulnerability...
CVE-2026-33402
Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles an...
CVE-2026-33402 SAK-52311: Sakai site-manage group titles can contain XSS content
Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles an...
OpenText Vertica Cross-Site Scripting Vulnerability
OpenText Vertica is a relational database management system (RDBMS) from OpenText Canada. It can efficiently store massive amounts of data. OpenText Vertica has a cross-site scripting vulnerability, which stems from improper input during web page generation. This vulnerability may lead to reflectiv...
CVE-2025-12812
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...
CVE-2025-12812 Cloud Suite and Privilege Access Service – SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...
PT-2026-20543
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1...
Missing Authorization
Overview: galaxy-web-apps is a Galaxy web apps. Affected versions of this package are vulnerable to Missing Authorization in the create function in visualizations.py. An anonymous user can create visualizations. Remediation: Upgrade galaxy-web-apps to version 25.1.dev0 or higher. References: - GitHub...
EUVD-2025-204000
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...
CVE-2025-67792
An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers...
CVE-2025-27258
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability that, if exploited, can result in an escalation of privilege...
CVE-2025-50989
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfaces_bridge_edit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...
CVE-2025-50989
OPNsense before 25.1.8 suffers an authenticated command injection in the Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The POST parameter span is concatenated into a system-level command without sanitization, allowing an administrator to inject arbitrary shell commands and payloads...
Deciso OPNsense Operating System Command Injection Vulnerability
Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. An operating system command injection vulnerability exists in Deciso OPNsense version 25.1, which stems from improper handling of the span parameter in the Bridge Interface Edit...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, kubernetes-csi-driver-hostpath, kubo, neuvector-dbgen, terraform-provider-azapi-fips, aws-sigv4-proxy-fips, cert-manager-csi-driver-fips, kubescape-operator-fips, rke2-cloud-provider,...
OpenText Content Management CE Cross-Site Scripting Vulnerability
OpenText Content Management CE is an enterprise content management solution from OpenText Canada. A cross-site scripting vulnerability exists in OpenText Content Management CE versions 20.2 through 25.1, which stems from stored cross-site scripting in the Discussions feature that could lead to co...
OpenText Content Management Security Vulnerability
OpenText Content Management is an enterprise content management software from OpenText Canada. A security vulnerability exists in OpenText Content Management versions 24.3 through 25.1, which stems from a user enumeration and data integrity issue in the barcode functionality, which could lead to ...