101 matches found
CVE-2026-44351
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...
CVE-2026-34296
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-34296
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
PT-2026-34120
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Oracle Agile Product Lifecycle Management for Process 安全漏洞
Oracle Agile Product Lifecycle Management for Process is a product lifecycle management system designed for the process industry by Oracle Corporation. Version 6.2.4 of Oracle Agile Product Lifecycle Management for Process contains a security vulnerability. This vulnerability stems from issues wi...
Linux Distros Unpatched Vulnerability : CVE-2026-40046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for CVE-2025-66168: MQTT control packet...
EUVD-2026-21362
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
CVE-2026-39304 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
CVE-2026-40046
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
UBUNTU-CVE-2026-40046
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
CVE-2026-40046
CVE-2026-40046 is an Integer Overflow/Wraparound vulnerability in Apache ActiveMQ and related modules (ActiveMQ, ActiveMQ All, ActiveMQ MQTT) caused by improper validation of the MQTT remaining length field. A fix intended for CVE-2025-66168 was applied only to 5.19.2+ but was missed for 6.0.0–6....
CVE-2021-27704
Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page...
CVE-2025-13702 IBM Sterling Partner Engagement Manager Cross-Site Scripting
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2025-13723 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token...
CVE-2025-13726 IBM Sterling Partner Engagement Manager Information Disclosure
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system...
EUVD-2026-3543
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Supplier Portal. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
EUVD-2026-3565
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-21969
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Supplier Portal. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-3694
Name of the Vulnerable Software and Affected Versions Oracle Agile Product Lifecycle Management for Process version 6.2.4 Description An easily exploitable issue exists in the Product Quality Management component of Oracle Agile Product Lifecycle Management for Process. A low-privileged attacker...