Microsoft PowerShell 7.4.x < 7.4.14 / 7.5.x < 7.5.5 Security Feature Bypass (April 2026)

The Windows 'Microsoft PowerShell' app installed on the remote host is 7.4.x prior to 7.4.14 or 7.5.x prior to 7.5.5. It is, therefore, affected by a security feature bypass vulnerability: - Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security...

RTI Connext Professional 安全漏洞

RTI Connext Professional is a connectivity platform from RTI USA designed to meet the demanding requirements of the Industrial Internet of Things IIoT. A security vulnerability exists in RTI Connext Professional versions 7.4.0 through prior to 7.6.0 and 7.2.0 through 7.3.0.9, which stems from an...

CVE-2021-38126

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting XSS...

KLA49330 Multiple vulnerabilities in LibreOffice

Multiple vulnerabilities were found in LibreOffice. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Improper Access Control vulnerability in IFrame can be exploited to bypass security...

Design/Logic Flaw

Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames...

Cross site scripting

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting XSS...

CVE-2021-38127

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting XSS...

Atlassian Confluence 7.5.x < 7.5.2 Cross-Site Scripting

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.4.2 or 7.5.x 7.5.2. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability in user macro parameters. Note that the scanner has not tested for these issues b...

Atlassian Confluence 7.5.x < 7.5.1 Template Injection

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.4.5 or 7.5.x 7.5.1. It is, therefore, affected by an injection vulnerability in custom user macros allowing remote attackers with system administration permissions to bypas...

Security Bulletin: Security vulnerability is identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2020-4949)

Summary In the WebSphere Application Server WAS admin console where the Rational Asset Manager RAM is deployed, security vulnerability is observed. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletin. Vulnerability...

IBM MQ 7.1.x / 7.5.x / 8.0.0.x < 8.0.0.15 / 9.0.0.x < 9.0.0.10 / 9.1.0.x < 9.1.0.5 LTS / 9.1.x < 9.1.5 CD Denial of Service Vulnerability (DoS)

According to its self-reported version, the IBM MQ server installed on the remote host is 8.0.0.x prior to 8.0.0.14 or 9.1.0.x prior to 9.1.0.5 LTS or 9.1.5 CD and is therefore affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue and cause an err...

Privilege escalation

Symantec Endpoint Protection Manager SEPM and Symantec Mail Security for MS Exchange SMSMSE, prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicati...

Design/Logic Flaw

IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to obtain sensitive information via a man-in-the-middle attack, related to duplication of message data in cleartext outside the protected payload. IBM X-Force ID: 103482...

Symantec Protection Engine 7.0.x < 7.0.5 HF02 / 7.5.x < 7.5.5 HF01 / 7.8.x < 7.8.0 HF03 Multiple DoS (SYM16-015) (Linux)

The version of Symantec Protection Engine SPE installed on the remote Linux host is 7.0.x prior to 7.0.5 hotfix 02, 7.5.x prior to 7.5.5 hotifx 01, or 7.8.x prior to 7.8.0 hotifx 03. It is, therefore, affected by multiple denial of service vulnerabilities : - A denial of service vulnerability...

Design/Logic Flaw

The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL th...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM WebSphere Service Registry and Repository WSRR 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets...

ESA-2012-005: EMC NetWorker buffer overflow vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-005: EMC NetWorker buffer overflow vulnerability. EMC Identifier: ESA-2012-005 EMC Identifier: NW135173 CVE Identifier: CVE-2012-0395 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC NetWorker Server...

CVE-2011-1421

EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors...

CVE-2011-1421

EMC NetWorker 7.5.x (before 7.5.4.3) and 7.6.x (before 7.6.1.5) are affected when the client push feature is enabled. The issue is weak permissions set on an unspecified file, enabling local users to gain elevated privileges. Exploitation details are not provided in the sources. Remediation is to...