Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

7.5CVSS6AI score0.00702EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/06/11 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-35273

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Updates Environment Management. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

9.8CVSS5.8AI score0.9233EPSS
In wildExploits3References7
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48612

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise PeopleTools versions 8.61 through 8.62 Description An unauthenticated remote code execution flaw exists in the Updates Environment Management component of Oracle PeopleSoft Enterprise PeopleTools. An attacker with...

10CVSS8.3AI score0.9233EPSS
Exploits3References253
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/09 12:0 a.m.3 views

Security update for mapserver (moderate)

openSUSE security update: security update for mapserver ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20476-1 Rating: moderate References: bsc1260869 Cross-References: CVE-2026-33721 Affected Products: openSUSE Leap 16.0...

7.5CVSS5.9AI score0.00865EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer's...

7.5CVSS5.8AI score0.00865EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 12:15 a.m.5 views

CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

5.3CVSS5.9AI score0.00865EPSS
Exploits1References4
CVE
CVE
added 2025/12/16 12:56 a.m.9 views

CVE-2025-68115

Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/16 12:56 a.m.1 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.5 views

PT-2025-51360

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.1 Parse Server versions prior to 9.1.0-alpha.3 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a Reflected Cross-Site Scripting XSS issue in its password reset...

6.1CVSS5.8AI score0.00183EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/10/22 8:19 p.m.5 views

CVE-2025-61750

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...

4.3CVSS4.9AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 8:20 p.m.2 views

CVE-2025-61750

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Query. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTool...

4.3CVSS5.8AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 8:20 p.m.1 views

CVE-2025-53059

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: OpenSearch Dashboards. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSof...

4.9CVSS5.8AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 6:43 a.m.6 views

EUVD-2025-34532

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is due to insufficient input sanitization and output escaping of user-supplied JavaScript code in the Custom JS module. This makes...

6.4CVSS4.7AI score0.00194EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/15 6:43 a.m.2 views

CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode

The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...

6.4CVSS4.6AI score0.00194EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/10/15 12:22 a.m.6 views

WordPress WPBakery Page Builder plugin <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode vulnerability

Stored Cross-Site Scripting via vccustomheading Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPBakery Page Builder versions = 8.6.1...

6.4CVSS5.6AI score0.00194EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.3 views

WordPress plugin WPBakery Page Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

6.4CVSS5.9AI score0.00194EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/26 12:0 a.m.3 views

Fedora 41 : python-deepdiff / python-orderly-set (2025-ca5f759234)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-ca5f759234 advisory. Update to 8.6.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

10CVSS7.8AI score0.01056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/10 12:0 a.m.8 views

PT-2024-26978 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.4 SuiteCRM versions prior to 8.6.1 Description: The issue is related to poor input validation, which allows for SQL Injection in the EmailUIAjax displayView controller. Recommendations: For versions prior to...

9.6CVSS8.4AI score0.00435EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.5 views

SuiteCRM Security Breach

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions prior to 8.6.1 that stems from a host header injection when accessing the /legacy route directly...

6.1CVSS7AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2023/01/09 11:15 p.m.1 views

CVE-2022-4468

The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00534EPSS
Exploits2References1
Rows per page
Query Builder