CVE-2026-35274

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

EUVD-2026-28807

MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Dell PowerProtect Data Domain（Dell PowerProtect DD） 安全漏洞

Dell PowerProtect Data Domain Dell PowerProtect DD is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. There are security vulnerabilities in versions 8.5 to 8.6 of Dell PowerProtect Data Domain, which stem from improp...

Montala ResourceSpace SQL注入漏洞

Montala ResourceSpace is an open-source digital asset management tool developed by Montala Company in the UK. It enables users to organize their digital assets. Version 8.6 of Montala ResourceSpace contains a SQL injection vulnerability. This vulnerability stems from the ref parameter being...

CVE-2025-12062 WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fcloadtemplate function. This makes it possible for authenticated attackers, with Subscriber-leve...

CVE-2026-1763

Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions...

CVE-2026-1762

A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. Affected product: Enervista UR Setup, version 8.6 and earlier. Root cause and concrete impact are described as file manipulation with a CVSS v3.1 base score 2.9 (LOW); attack vector: Physical, attack complexity:...

PT-2026-7465

Name of the Vulnerable Software and Affected Versions GE Vernova Enervista versions prior to 8.6 Description A flaw exists in GE Vernova Enervista UR Setup on Windows that permits file manipulation. Recommendations Update to a version later than 8.6...

CVE-2025-64188

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...

Oracle Linux 10 : valkey (ELSA-2025-21936)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21936 advisory. - rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 - rebase to 8.0.4 for CVE-2025-27151 CVE-2025-48367 and...

CVE-2025-12560

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make we...

CVE-2025-63585

OSSN Open Source Social Network 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter...

CVE-2025-63441

Open Source Social Network OSSN 8.6 is vulnerable to Cross Site Scripting XSS via the parameter param at endpoint u/administrator/friends...

EUVD-2025-35286

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Rich Text Editor. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities.PeopleSoft Enterprise PeopleTools is one of the tools and...

CVE-2025-10006

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-10006

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'revslidervc' shortcode in all versions up to, and including, 8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

GHSA-H7RH-XFPJ-HPCM MinIO Java Client XML Tag Value Substitution Vulnerability

Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...

CVE-2024-53554

A Client-Side Template Injection CSTI vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details...