14 matches found
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36065 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system...
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2020-36065
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...
CVE-2020-36065
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/adminsave...
CVE-2020-36065
CVE-2020-36065 (FlyCms 1.0) describes a CSRF vulnerability in the FlyCms 1.0 platform that lets an attacker add arbitrary administrator accounts via the endpoint at system/admin/admin_save. The root cause is a CSRF weakness in the admin creation flow, enabling privilege escalation. Reported impac...
CVE-2022-36065
| creationtimestamp | type | source |
|---|---|---|
| 2022-09-07 00:13:43+00:00 | seen | https://t.me/cibsecurity/49392... |
CVE-2022-36065
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2022-36065
GrowthBook (self-hosted) prior to 2022-08-29 is affected by an account creation and arbitrary file-upload vulnerability that can lead to remote code execution if a Python script is uploaded to an arbitrary directory inside the container. Exploitation requires all of: self-hosted deployment (Growt...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2021-36065
Adobe Photoshop with CVE-2021-36065 (and CVE-2021-36066) is affected by a heap-based buffer overflow and an out-of-bounds write in versions 21.2.10 and earlier, and 22.4.3 and earlier. The root causes are memory corruption vulnerabilities that could allow arbitrary code execution in the context o...
CVE-2021-36065 Adobe Photoshop Heap-Based Buffer Overflow Could Lead To Arbitrary Code Execution
Adobe Photoshop versions 21.2.10 and earlier and 22.4.3 and earlier are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
Adobe Photoshop 21.x < 21.2.11 / 22.x < 22.5 Multiple Vulnerabilities (macOS APSB21-68)
The version of Adobe Photoshop installed on the remote macOS or Mac OS X host is prior to 21.2.11/22.5. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-68 advisory. - Adobe Photoshop versions 21.2.10 and earlier and 22.4.3 and earlier are affected by an...
WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-36065)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...