
29 matches found

vulnersOsv
added 2026/05/28 4:50 p.m. | 2 views

org.webjars.npm:tinymce__tinymce-vue (>=5.1.0 <=5.1.1), org.wicketstuff:wicketstuff-tinymce6 (>=10.0.0 <=10.9.2) potentially affected by CVE-2026-47760 via org.webjars.npm:tinymce (>=6.8.3 <=6.8.6)

org.webjars.npm:tinymce MAVEN version =6.8.3, =5.1.0, =10.0.0, =10.9.2 Source cves: CVE-2026-47760 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-17056160...

8.7 CVSS | 5.4 AI score | 0.00033 EPSS
Exploits 0

Github Security Blog
added 2026/03/18 8:7 p.m. | 4 views

HAPI FHIR HTTP authentication leak in redirects

Impact When setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of...

7.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 3 | Affected Software 12

EUVD
added 2026/02/24 12:3 a.m. | 2 views

EUVD-2025-207564

Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....

8.6 CVSS | 5.4 AI score | 0.00039 EPSS
Exploits 0 | References 1

CVE
added 2026/02/24 12:3 a.m. | 12 views

CVE-2025-9120

CVE-2025-9120 : OpenText Carbonite Safe Server Backup is affected up to version 6.8.3 by an improper generation of code vulnerability (code injection). The issue can be exploited via an open port to potentially gain unauthorized access, with a CVSSv4.0 base score of 8.6 (HIGH) and local attack Ve...

8.6 CVSS | 5.5 AI score | 0.00039 EPSS
Exploits 0 | References 1

CNNVD
added 2026/02/24 12:0 a.m. | 5 views

OpenText Carbonite Safe Server Backup code injection vulnerability

OpenText Carbonite Safe Server Backup is a hybrid cloud backup software developed by OpenText Corporation in Canada. Versions of OpenText Carbonite Safe Server Backup 6.8.3 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper code generation controls, whi...

8.6 CVSS | 5.9 AI score | 0.00039 EPSS
Exploits 0 | References 1

NVD
added 2026/01/07 6:15 p.m. | 3 views

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint /auth/saml/callback. By manipulating the RelayState parameter, an attacker can...

6.1 CVSS | 0.00045 EPSS
Exploits 0 | References 3

CNNVD
added 2026/01/07 12:0 a.m. | 1 views

OpenCTI input validation error vulnerability

OpenCTI is an open source cyber threat intelligence platform from OpenCTI. An input validation error vulnerability exists in OpenCTI versions prior to 6.8.3 that stems from improper manipulation of the RelayState parameter in the SAML authentication endpoint, which could lead to an open redirecti...

6.1 CVSS | 6.6 AI score | 0.00045 EPSS
Exploits 0 | References 3

NVD
added 2025/10/28 8:15 p.m. | 2 views

CVE-2025-62367

Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0...

4.8 CVSS | 0.00023 EPSS
Exploits 0 | References 1

Cvelist
added 2025/10/28 8:8 p.m. | 9 views

CVE-2025-62368 Taiga Authenticated Remote Code Execution

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0...

9 CVSS | 0.6408 EPSS
Exploits 2 | References 1

CVE
added 2025/10/28 8:6 p.m. | 7 views

CVE-2025-62367

Taiga (open source project management platform) – CVE-2025-62367 affects Taiga API in versions 6.8.3 and earlier, where a time-based blind SQL injection can disclose sensitive data via response timing. Root cause: improper handling of API input enabling blind SQL injection. Impact: potential expo...

4.8 CVSS | 7.2 AI score | 0.00023 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/10/25 12:0 a.m. | 4 views

Fedora 43 : wordpress (2025-8e71abf396)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8e71abf396 advisory. WordPress 6.8.3 Release Security updates included in this release: A data exposure issue where authenticated users could access some restricted content...

5.2 AI score
Exploits 0 | References 1

NVD
added 2025/10/16 10:15 a.m. | 2 views

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

9.2 CVSS | 0.00108 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/16 9:22 a.m. | 12 views

EUVD-2025-34743

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

9.2 CVSS | 6.3 AI score | 0.00108 EPSS
Exploits 0 | References 2

Fedora
added 2025/10/10 1:4 a.m. | 4 views

[SECURITY] Fedora 41 Update: wordpress-6.8.3-1.fc41

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...

6.6 AI score
Exploits 0

Fedora
added 2025/10/10 12:50 a.m. | 6 views

[SECURITY] Fedora 42 Update: wordpress-6.8.3-1.fc42

Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...

6.6 AI score
Exploits 0

OpenVAS
added 2025/10/10 12:0 a.m. | 1 views

Fedora: Security Advisory (FEDORA-2025-acd3e11344)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 AI score
Exploits 0 | References 2

WPVulnDB
added 2025/10/01 12:0 a.m. | 11 views

WP < 6.8.3 - Contributor+ Sensitive Data Disclosure

Description WordPress is affected by a data exposure issue which could allow contributor and above roles to access some restricted content...

4.3 CVSS | 6.6 AI score | 0.00059 EPSS
Exploits 0 | References 2

CNNVD
added 2025/07/11 12:0 a.m. | 2 views

Qt security vulnerability

Qt is a cross-platform application development framework from the Qt open source. A security vulnerability exists in Qt versions 6.6.0 through 6.8.3 and 6.9.0 through 6.9.1, which stems from the fact that passing a value out of the expected range could result in a denial of service...

2.3 CVSS | 6.4 AI score | 0.0029 EPSS
Exploits 0 | References 1

vulnersOsv
added 2022/05/24 5:0 p.m. | 1 views

cn.hippo4j:hippo4j-monitor-elasticsearch (>=1.4.1 <=1.5.0), cn.hippo4j:hippo4j-monitor-es (>=1.4.0 <=1.4.0-alpha) +186 more potentially affected by CVE-2019-7619 via org.elasticsearch:elasticsearch (>=6.7.0 <=6.8.3)

org.elasticsearch:elasticsearch MAVEN version =6.7.0, =1.4.1, =1.4.0, =6.8.13, =6.7.2, =0.9.0.0, =0.9.0.0, =0.9.0.0, =6.7.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =6.7.0-33.3, =6.8.3-34.5 and more Source cves: CVE-2019-7619 Source advisory: OSV:GHSA-HXP8-R9G3-GRFR https://vulners.co...

5.3 CVSS | 6 AI score | 0.02034 EPSS
Exploits 0

Huntr
added 2022/02/02 5:18 p.m. | 18 views

Cross-site Scripting (XSS) - Stored in s-cart/s-cart

Description Stored XSS in S-Cart Version 6.8.3 affecting Product and Category module. Proof of Concept Product version: S-Cart Version 6.8.3 core 6.8.10 , https://github.com/s-cart/s-cart/releases/tag/v6.8.3 Vulnerability 1: Stored XSS In Product module 1 Endpoint: POST...

0.2 AI score
Exploits 0