16 matches found
cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.0 <=3.3.2.2), cn.herodotus.engine:oauth2-core (>=3.3.0.0 <=3.3.2.2) +249 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.3.0 <=6.3.10)
org.springframework.security:spring-security-oauth2-jose MAVEN version =6.3.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.1 and more Source cves: CVE-2026-22748 Source advisory:...
EUVD-2021-20621
Malware in sbrugna...
PT-2025-32954
Name of the Vulnerable Software and Affected Versions: Zoom versions prior to 6.3.10 Description: An untrusted search path vulnerability exists in certain Zoom Clients for Windows. This flaw may allow an unauthenticated user to escalate privileges via network access. Recommendations: Update Zoom ...
Zoom Workplace VDI < 6.3.10 Vulnerability (ZSB-25030)
The version of Zoom Workplace VDI installed on the remote host is prior to 6.3.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25030 advisory. - Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of...
Zoom Workplace VDI < 6.3.10 Vulnerability (ZSB-25028)
The version of Zoom Workplace VDI installed on the remote host is prior to 6.3.10. It is, therefore, affected by a vulnerability as referenced in the ZSB-25028 advisory. - Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via...
WordPress Business Directory Plugin Plugin <= 6.3.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Business Directory Plugin; Type: Plugin; Vulnerable versions: <= 6.3.10; Fixed in: 6.3.11; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5803; Patch priority: Low; CVSS severity: Low (4.3); PSID: 89c884aa531f; Credits: Brandon...
Xxe
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack...
CVE-2022-2131
Summary: CVE-2022-2131 affects OpenKM Community Edition 6.3.10 and earlier, where an XMLReader parser in XMLTextExtractor.java was used without the required security flags, enabling an XML External Entity (XXE) attack. What is affected: OpenKM Community Edition versions up to and including 6.3.10...
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
Cross site scripting
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
CVE-2021-3628
OpenKM Community Edition 6.3.10 is vulnerable to authenticated Cross-site Scripting (XSS) via the uuid parameter. The issue arises from unvalidated input in the uuid field, allowing an attacker to inject arbitrary client-side code after authentication. Documented across multiple sources (NVD entr...
CVE-2021-3628 OpenKM Document Management Community vulnerable to Cross Site Scripting
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
CVE-2018-7431
Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files v...
Unspecified Vulnerability in Oracle MySQL Workbench Component
Oracle MySQL is an open source relational database management system from Oracle. The database system has high performance, low cost, good reliability, etc. MySQL Workbench is one of the components designed specifically for MySQL with database modeling capabilities. A security vulnerability...
Splunk Enterprise XSS Vulnerability (SP-CAAAPZ3)
Splunk Enterprise is prone to a persistent cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...