18 matches found
CVE-2026-24351
PluXml CMS is affected by CVE-2026-24351 (Stored XSS in Static Pages editing). An attacker with editing privileges can inject arbitrary HTML/JS that is rendered when visiting the edited page. The vulnerability was confirmed in versions 5.8.21 and 5.9.0-rc7; other versions were not tested and might also be v...
EUVD-2026-5322
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...
CVE-2026-1894
WeKan up to 8.20 is affected in the REST API component, specifically the file models/checklistItems.js. Manipulating the arguments item.cardId, item.checklistId, or card.boardId can lead to improper authorization and remote exploitation. A fix is available in version 8.21; apply the official patc...
Security Bulletin: A vulnerability in form-data affects IBM® Db2® Big SQL.
Summary: A vulnerability in form-data affects IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated...
Time-series operations may cause internal BSON size limit to be exceeded
Inconsistent object size validation in time series processing logic may result in later processing of oversized BSON documents leading to an assert failing and process termination. This issue impacts MongoDB Server v7.0 versions prior to 7.0.26, v8.0 versions prior to 8.0.16 and MongoDB server v8...
OESA-2025-2390 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a...
Exploit for CVE-2025-46817
CVE-2025-46817 – Redis Lua unpack Integer Overflow Potentia...
CVE-2025-46817
The CVE-2025-46817 issue is in Redis Lua scripting: authenticated users can trigger an integer overflow via a crafted Lua script, potentially enabling remote code execution. Affected are Redis versions 8.2.1 and earlier; the problem exists across Redis installations that support Lua scripting. Th...
CVE-2022-3821
creationtimestamp | type | source
---|---|---
2025-05-02 18:19:34+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14543...
CVE-2025-23384
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...
Pegasystems PEGA Platform Security Vulnerability
Pegasystems PEGA Platform is a suite of application development platforms from the US-based Pegasystems. The platform is used to develop applications such as BPM (Business Process Management), Case Management, Real-Time Decision Making and CRM (Customer Relationship Management). A security vulnerabilit...
CVE-2023-35982
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
CVE-2019-19705
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 and on many other Lenovo and non-Lenovo products, mishandles DLL preloading...
CVE-2021-33254
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 that allows attackers to cause a denial of service via the stream parameter to the parseUri function...
CVE-2020-15383
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic...
CVE-2019-3923
Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser...
QPDF libqpdf/QPDFWriter.cc Denial of Service Vulnerability
QPDF is a command line program capable of structuring PDFs. The program can encrypt PDF files, analyze or change the internal structure of PDF files. A security vulnerability exists in the 'QPDFWriter::unparseObject' and 'QPDFWriter::unparseChild' functions in the libqpdf/QPDFWriter.cc file in QP...
PT-2007-2015 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.3 through 7.3.12; PostgreSQL versions 7.4 through 7.4.15; PostgreSQL versions 8.0 through 8.0.10; PostgreSQL versions 8.1 through 8.1.6; PostgreSQL versions 8.2 through 8.2.1. Description: The issue allows attackers to disabl...