24 matches found
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...
VulnCheck KEV: CVE-2026-35273
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
PT-2026-48612
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise PeopleTools versions 8.61 through 8.62 Description An unauthenticated remote code execution flaw exists in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An attacker with...
Security update for mapserver (moderate)
openSUSE security update: security update for mapserver ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20476-1 Rating: moderate References: bsc1260869 Cross-References: CVE-2026-33721 Affected Products: openSUSE Leap 16.0...
Linux Distros Unpatched Vulnerability : CVE-2026-33721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer's...
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2025-68115
Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...
CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...
PT-2025-51360
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.1 Parse Server versions prior to 9.1.0-alpha.3 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a Reflected Cross-Site Scripting XSS issue in its password reset...
CVE-2025-61750
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...
CVE-2025-61750
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...
CVE-2025-53059
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSof...
EUVD-2025-34532
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...
CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...
WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability
Stored Cross-Site Scripting via vccustomheading Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...
WordPress plugin WPBakery Page Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...
Fedora 41 : python-deepdiff / python-orderly-set (2025-ca5f759234)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-ca5f759234 advisory. Update to 8.6.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
PT-2024-26978 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.4 SuiteCRM versions prior to 8.6.1 Description: The issue is related to poor input validation, which allows for SQL Injection in the EmailUIAjax displayView controller. Recommendations: For versions prior to...
SuiteCRM Security Breach
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 8.6.1 that stems from a host header injection when accessing the /legacy route directly...
CVE-2022-4468
The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...