Security Bulletin: Vulnerability in micromatch affects IBM Db2 Big SQL on Cloud Pak for Data
Summary: A vulnerability in the Node.js module micromatch affects IBM Db2 Big SQL 7 on Cloud Pak for Data 5. Vulnerability Details: CVEID: CVE-2024-4067. DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in...
CVE-2025-63072
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS. This issue affects Cornerstone: from n/a through <= 7.7.3...
CVE-2025-63072 WordPress Cornerstone plugin <= 7.7.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS. This issue affects Cornerstone: from n/a through <= 7.7.3...
CVE-2025-63072
The CVE describes a stored XSS in the WordPress Cornerstone plugin (THEMECO Cornerstone) affecting versions up to and including 7.7.3. The vulnerability arises from improper input neutralization during web page generation, enabling stored cross-site scripting. Affected component: Cornerstone Word...
PT-2024-25799
Name of the Vulnerable Software and Affected Versions: react-pdf versions prior to 7.7.3; react-pdf versions prior to 8.0.2. Description: The issue arises when PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value. This...
Atlassian Jira 7.7.0 < 7.7.3 Missing Authentication Checks In Administrative System
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.6.5, 7.7.0 prior to 7.7.3 or 7.8.0 prior to 7.8.4. It is, therefore, affected by a vulnerability which permits remote attackers to run import operations and to determine if ...
GHSA-H2VQ-7GF2-QW9V Umbraco CMS XXE Vulnerability
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs...
XML External Entity (XXE) Injection
Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via importDocumenttype.aspx.cs. Exploiting this vulnerability allows the attacker to obtain sensitive information by reading files on the server or sending TCP request...
Incorrect Authorization in Apache Solr
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such featur...
CVE-2021-42976
NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/...
LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability
Exploit for java platform in category web applications. LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities. Vendor: LogicalDOC Srl. Product web page: https://www.logicaldoc.com. Affected version: 7.7.4, 7.7.3, 7.7.2, 7.7.1, 7.6.4, 7.6.2, 7.5.1, 7.4.2, 7.1.1. Summary: LogicalDOC is a free...
LogicalDOC Enterprise 7.7.4 - User Enumeration Vulnerability
Exploit for java platform in category web applications. LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness. Vendor: LogicalDOC Srl. Product web page: https://www.logicaldoc.com. Affected version: 7.7.4, 7.7.3, 7.7.2, 7.7.1, 7.6.4, 7.6.2, 7.5.1, 7.4.2, 7.1.1. Summary: LogicalDOC is a free document...
CVE-2017-15279
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...
Apple QuickTime Targa image Buffer Overflow
A buffer overflow vulnerability exists in QuickTime PictureViewer.exe. The specific flaw lies in the handling of encoded data in TGA image files: an invalid encoded width field can result in a heap-based buffer overflow. This vulnerability allows remote attackers to execute arbitra...
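Apple QuickTime Video File Buffer Overflow Vulnerability
CVE ID: CVE-2012-3756. QuickTime is a multimedia framework developed by Apple Computer that can handle many digital video, media clip, sound, text, animation and music formats, as well as several types of interactive panoramic images. QuickTime has a buffer overflow vulnerability when processing the 'rnet' box in specially crafted MP4 files, which can lead to unexpected application termination or arbitrary code execution. Apple Quicktime 7.x. Vendor patch: Apple. Please update to QuickTime 7.7.3: APPLE-SA-2012-11-07-1: QuickTime 7.7.3. Link: http://www.apple.com/quicktime/download/...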
Websense Content Gateway XSS vulnerabilities
Overview: Websense Content Gateway contains XSS vulnerabilities. Description: Websense Content Gateway contains the following post-authentication reflective XSS vulnerabilities within the menu and item parameter values in the /monitor/moverview.ink webpage. The reflective XSS reported allows for...