27561 matches found
CVE-2026-3602
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
Security Bulletin: IBM WebSphere eXtreme Scale is affected by Insecure Deserilization
Summary IBM WebSphere eXtreme Scale is affected by Insecure Deserilization of untrusted data CVE-2026-13759 Vulnerability Details CVEID:CVE-2026-13759 DESCRIPTION: WebSphere eXtreme Scale ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream,...
CVE-2026-48307
CVE-2026-48307 affects ColdFusion versions 2025.9, 2023.20 and earlier and is a reflected Cross-Site Scripting vulnerability (CWE-79). An attacker can inject malicious scripts into a web page, potentially leading to arbitrary code execution in the context of the current user. Exploitation require...
CVE-2026-8403
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...
CVE-2026-8403 Stored XSS in Exagate's SYSGUARD 6001
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Stored XSS. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.4.0. NOTE: The vendor was contacted and it...
DEBIAN-CVE-2026-50229
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
CVE-2026-53404
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method
Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-55276 Apache Tomcat: Logged effective web.xml is incomplete
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-53404 Apache Tomcat: Bad ornext processing in RewriteValve
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
CVE-2026-50229 Apache Tomcat: XSS in number guess example
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383, CVE-2026-11541, CVE-2026-11536)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Vulnerability in Dojo affects IBM Integrated Analytics System[CVE-2021-23450]
Summary The Dojo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2021-23450. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: All versions of package dojo are vulnerable to Prototype Pollution via the setObject functio...
CVE-2025-0824
Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00...
CVE-2025-7386 Information exposure vulnerability in Hitachi Storage Navigator
Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi...
PT-2026-53740
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...
GitLab CE/EE - Information Disclosure
GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection
Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...
LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...
CVE-2026-10643
Zephyr CVE-2026-10643 affects the IP socket recvmsg() ancillary-data path (insert_pktinfo in subsys/net/lib/sockets/sockets_inet.c). A check only compared msg_controllen to pktinfo_len, omitting the cmsg header size, allowing an under-checked window (e.g., 16–27 bytes for IPv4 IP_PKTINFO on a 64‑...