34 matches found
Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)
Summary: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability, WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details: ID: WS-2026-0003. DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...
Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)
Summary: IBM SPSS Analytic Server is affected by a CRLF injection vulnerability in Netty Codec, CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-67735. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...
Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)
Summary: IBM SPSS Analytic Server is affected by a Critical XXE vulnerability in Apache Tika, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-66516. DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...
EUVD-2020-3111
Malware in sbrugna...
Dell ECS Security Vulnerability
Dell ECS is a scalable, easy-to-manage, and resilient enterprise-class object storage solution from Dell, Inc. A security vulnerability exists in Dell ECS versions prior to 3.8.1.5 and ObjectScale versions prior to 4.0.0.0, which stems from the use of hard-coded encryption keys that could lead to...
Dell ECS and Dell ObjectScale Log Information Disclosure Vulnerability
Dell ECS and Dell ObjectScale are both products of Dell Inc. Dell ECS is a scalable, easy-to-manage and resilient enterprise-class object storage solution. Dell ObjectScale is an object storage platform. A log information disclosure vulnerability exists in Dell ECS and Dell ObjectScale that...
GHSA-QC3Q-8RR8-8P5V Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...
CVE-2024-21516
Summary: CVE-2024-21516 affects opencart/opencart versions from 4.0.0.0 and before 4.1.0.0. A reflected XSS exists in the directory parameter of the admin common/filemanager.list route. By tricking a user into clicking a malicious URL, an attacker can obtain the user’s token through login prompts,...
CVE-2024-21518
This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...
CVE-2024-21517
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...
PT-2024-18930 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the redirect parameter of the "customer account/login" route. An attacker can inject arbitrary HTML and JavaScript into the page response. This issue is...
PT-2024-24198 · Terabyte Unlimited · Image For Windows
Name of the Vulnerable Software and Affected Versions: TeraByte Unlimited Image for Windows versions 3.64.0.0 and earlier Description: An issue in the software allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. This enables the attacker to gain...
CVE-2023-47444
CVE-2023-47444 affects OpenCart 4.0.0.0 through 4.0.2.3. The issue allows an authenticated backend user with common/security write privileges to write arbitrary untrusted data into config.php and admin/config.php, enabling remote code execution on the server. The attached connected documents cons...
3s-smart Software Solutions CODESYS Development System Security Vulnerability
3s-smart Software Solutions CODESYS Development System is a suite of programming tools for use in the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A security vulnerability exists in the CODESYS Development System that stems from an insecure...
CVE-2022-30422
Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to remote code execution via the Viewstate parameter...
CVE-2021-39024
IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2021-39022
IBM Guardium Data Encryption GDE 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value CSV file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...
Remote code execution
The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution...
Command injection
A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...
McAfee True Key Cross-Site Scripting Vulnerability
McAfee True Key TK is an authentication application from the American company McAfee. The program supports features such as facial information recognition and fingerprint recognition. A security vulnerability exists in McAfee TK 4.0.0.0 and earlier versions. The vulnerability can be exploited by ...