ProjeQtOr code-related vulnerabilities
ProjeQtOr is project management software developed by the French company ProjeQtOr. Version 9.1.4 of ProjeQtOr contains a code-related vulnerability that stems from insufficient validation in the file upload function and may allow arbitrary code to be executed...
CVE-2025-36386
CVE-2025-36386 affects IBM Maximo Application Suite: MAS Manage component versions 9.0.0–9.0.15 and 9.1.0–9.1.4, where a flaw in MXCSP integration with Cognos Analytics allows a remote attacker to bypass authentication and gain full access. The vulnerability is linked to authentication bypass by ...
Kibana 7.0.x <= 7.17.29 / 8.0.x <= 8.18.7 / 8.19.x <= 8.19.4 / 9.0.x <= 9.0.7 / 9.1.x <= 9.1.4 Multiple XSS (ESA-2025-17, ESA-2025-20)
The version of Kibana running on the remote host is 7.0.x prior to 7.17.29, 8.0.x prior to 8.18.7, 8.19.x prior to 8.19.4, 9.0.x prior to 9.0.7 or 9.1.x prior to 9.1.4. It is, therefore, affected by cross-site scripting vulnerabilities as referenced in the ESA-2025-17 and ESA-2025-20 advisories. -...
CVE-2025-41000
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
CVE-2025-41000 Cross-Frame Scripting (XFS) in BoomCMS
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
BoomCMS security vulnerability
BoomCMS is a content management platform from Boom Open Source. A security vulnerability exists in BoomCMS version v9.1.4, which stems from susceptibility to cross-frame scripting attacks and may lead to user information disclosure...
WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress plugin NEX-Forms versions <= 9.1.3...
CVE-2025-24623 WordPress Really Simple Security plugin <= 9.1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Really Simple SSL (really-simple-ssl) allows Cross-Site Request Forgery. This issue affects Really Simple SSL: from n/a through <= 9.1.4...
CVE-2025-24623
CVE-2025-24623 is a CSRF vulnerability in the WordPress plugin Really Simple Security (formerly Really Simple SSL) affecting versions n/a through 9.1.4. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, required user interaction, and no confidentiality/availability impact, and p...
PT-2025-5452 · Unknown · Really Simple Ssl
Name of the Vulnerable Software and Affected Versions: Really Simple SSL versions n/a through 9.1.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions n/a through...
CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at...
CVE-2024-29946 Risky command safeguards bypass in Dashboard Examples Hub
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into...
CVE-2024-29946
CVE-2024-29946 affects Splunk Enterprise versions older than 9.2.1, 9.1.4, and 9.0.9. The Dashboard Examples Hub lacks protections for risky SPL commands, potentially allowing bypass of safeguards. The attack requires phishing the victim into initiating a browser request. Remediation per connecte...
PT-2024-2533 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.1; Splunk Enterprise versions prior to 9.1.4; Splunk Enterprise versions prior to 9.0.9. Description: The issue is related to the lack of protections for risky SPL commands in the Dashboard Examples Hub...
CVE-2023-1437
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...
OESA-2022-2164 trafficserver security update
Apache Traffic Server is an open-source HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain...
OESA-2022-2166 trafficserver security update
Apache Traffic Server is an open-source HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain...
DEBIAN-CVE-2022-40743
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross-site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...