92 matches found
org.apache.iotdb:integration-test (=2.0.1-beta), org.apache.iotdb:iotdb-cli (=2.0.1-beta) +2 more potentially affected by CVE-2025-26795 via org.apache.iotdb:iotdb-jdbc (>=2.0.1-beta <=2.0.2-1)
org.apache.iotdb:iotdb-jdbc MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.2-1 Source cves: CVE-2025-26795 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-10176117...
CVE-2025-4547
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...
TIBCO Security Advisory: May 13, 2025 - TIBCO BPM Enterprise - CVE-2025-2261
TIBCO BPM Enterprise XSS Vulnerability Original release date: May 13, 2025 Last revised: --- CVE-2025-2261 Source: TIBCO Software Inc. Products Affected TIBCO BPM Enterprise Component Affected TIBCO ActiveMatrix Administrator Description Stored XSS occurs when a web application gathers input from...
CVE-2025-29154
HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacaotreinamento/, .galera.app/rh/metas/perspectivaestrategica/edicao/, .galera.app/rh/cadastros/perspectivas/listagem/adc/,...
PT-2025-20294 · Unknown · Koillection
Name of the Vulnerable Software and Affected Versions: Koillection version 1.6.10 Description: A Cross Site Scripting issue allows a remote attacker to escalate privileges via the collection, Wishlist, and album components. Recommendations: For Koillection version 1.6.10, consider restricting...
org.apache.streampipes:streampipes-backend (>=0.66.0 <=0.90.0), org.apache.streampipes:streampipes-platform-services (>=0.68.0 <=0.95.1) +2 more potentially affected by CVE-2024-24778 via org.apache.streampipes:streampipes-rest (>=0.66.0 <=0.95.1)
org.apache.streampipes:streampipes-rest MAVEN version =0.66.0, =0.66.0, =0.68.0, =0.91.0, =0.93.0, =0.95.0 Source cves: CVE-2024-24778 Source advisory: SNYK:JAVA-ORGAPACHESTREAMPIPES-9058044...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-antlib (>=3.0.0 <=3.0.1) +31 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.0.0-RC1 <=3.7.5)
org.apache.james.protocols:protocols-imap MAVEN version =3.0.0-RC1, =3.7.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.4.0, =3.0.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.6.2 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...
CVE-2020-15154
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js...
com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)
org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
The vulnerability in the components of lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c of the RPM file size reduction software allows a hacker to execute arbitrary code.
The vulnerability of components such as lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c in the RPM file size reduction software is related to integer overflow. Exploiting this vulnerability can allow an attacker, operating locally, to gain unauthorized access to protect...
CVE-2023-36306
A Cross Site Scripting XSS vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components...
PT-2023-25521 · Adiscon · Loganalyzer
Name of the Vulnerable Software and Affected Versions: Adiscon LogAnalyzer versions through 4.1.13 Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via the "asktheoracle.php", "details.php", "index.php", "search.php", "export.php", "reports.php", an...
Cisco BroadWorks 安全漏洞
Cisco BroadWorks is a carrier-grade unified communications software platform from Cisco. It is used to deploy cloud calls from public network platforms on any type of wired or wireless network architecture. A security vulnerability exists in Cisco BroadWorks that stems from a flaw in the privileg...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to cross-site scripting (CVE-2022-0225)
Summary IBM i Modernization Engine for Lifecycle Integration platform component is vulnerable to cross-site scripting as described in the Vulnerability Details section. These components are used in IBM i Modernization Engine for Lifecycle Integration for infrastructure support in the platform. IB...
PT-2022-17444 · Qualcomm · Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a possible buffer overflow due to the lack of buffer length check during management frame Rx handling, which can lead to denial of service in various...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +76 more potentially affected by CVE-2011-1772 via org.apache.struts:struts2-core (>=2.0.5 <=2.2.1.1)
org.apache.struts:struts2-core MAVEN version =2.0.5, =1.2.1, =0.6, =3.0, =2.4.0, =2.1.0, =3.0.2 and more Source cves: CVE-2011-1772 Source advisory: OSV:GHSA-56F8-G68R-J699...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.fluxcorp.plugins:webservice-trigger (>=1.0.2 <=1.0.3) +39 more potentially affected by CVE-2011-1411 via org.opensaml:opensaml (=2.4.1)
org.opensaml:opensaml MAVEN version =2.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensaml:opensaml and may be impacted: - br.net.woodstock.rockframework:rockframework-web =1.2.1, =1.0.2, =2.8.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0, =2.4.0,...
com.elasticbox.jenkins-ci.plugins:elasticbox (>=4.0.9 <=4.1.0), org.jenkins-ci.lib:xtrigger-lib (=0.36) +13 more potentially affected by CVE-2016-0792 via org.jenkins-ci.main:jenkins-core (>=1.643 <=1.649)
org.jenkins-ci.main:jenkins-core MAVEN version =1.643, =4.0.9, =1.643, =1.643, =1.645, =0.5, =1.648, =4.0.4, =1.0.0, =1.643, =1.0.45, =0.3.2, =0.3.8 - org.jenkins.plugins.statistics.gatherer:statistics-gatherer =1.0.1 Source cves: CVE-2016-0792 Source advisory: OSV:GHSA-45RG-G72W-R393...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000407 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000407 Source advisory: OSV:GHSA-HV45-5J9H-7FHG...