8 matches found
CVE-2026-44376
CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...
CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
Tenable Security Center < 6.7.0 (TNS-2025-21)
According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.7.0. It is, therefore, affected by a vulnerability as referenced in the TNS-2025-21 advisory. - In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability...
CVE-2025-36636 Improper Access Control
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...
Dell EMC RSA Archer Information Disclosure Vulnerability (CNVD-2020-31252)
Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An information disclosure vulnerability exists in versions prior to Dell...
ArcSight Logger Remote Code Execution Vulnerability
Micro Focus ArcSight Logger is a suite of log management software from Micro Focus UK. The software collects and integrates data from any log generation source for log management, searching, indexing, reporting, analysis and retention. An input validation vulnerability exists in Micro Focus...
CVE-2019-3479
Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7...
pcre integer overflow
Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...