84 matches found
UPX 安全漏洞
UPX is a free, secure, portable, scalable, high-performance executable shelling program for a wide range of executable formats. A security vulnerability exists in UPX 5.0.0 and earlier versions, which stems from an incorrect operation of the PackLinuxElf64::unDTINIT function that can cause a heap...
GHSA-P34J-R3CH-C985 Jenkins reveals encrypted values of secrets stored in agent configuration to users with Agent/Extended Read permission
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI. This allows attackers with Agent/Extended Read permission to view encrypted values of secrets. Jenkins 2.500, LTS 2.492.2 redacts the encrypted...
CVE-2025-0719
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
MITRE Caldera 安全漏洞
MITRE Caldera is a MITRE open source automated adversarial simulation platform. A security vulnerability exists in MITRE Caldera versions 4.2.0 and earlier and 5.0.0 and earlier, which stems from remote code execution in the Dynamic Proxy Compilation feature and allows an attacker to execute...
CVE-2023-35907
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...
IBM Cognos Dashboards on Cloud Pak for Data 代码问题漏洞
IBM Cognos Dashboards on Cloud Pak for Data is a business intelligence tool from International Business Machines IBM. A code issue vulnerability exists in IBM Cognos Dashboards on Cloud Pak for Data versions 4.0.7 and 5.0.0 that stems from dependency obfuscation...
IBM DevOps Velocity和IBM UrbanCode Velocity 安全漏洞
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...
WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Smart Custom Fields versions = 5.0.0...
WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Colin Xu in WordPress Plugin Mollie for Contact Form 7 versions = 5.0.0...
SICK InspectorP61x和SICK InspectorP62x 安全漏洞
The SICK InspectorP61x and SICK InspectorP62x are both ultra-compact industrial 2D vision sensors from SICK, Germany. A security vulnerability exists in the SICK InspectorP61x version prior to 5.0.0 and InspectorP62x version prior to 5.0.0, which stems from an unverified firmware update that allo...
Craft CMS 安全漏洞
Craft CMS is a content management system CMS from Craft CMS open source. A security vulnerability exists in Craft CMS versions 5.0.0 through 5.1.1 that stems from the presence of a stored cross-site scripting vulnerability...
CVE-2024-45098
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification...
DataGear 安全漏洞
DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear version 5.0.0 and earlier versions, which originates in the function evaluationVariableExpression in the file ConversionSqlParamValueMapper.java that causes...
11x-wagtail-blog (>=0.0.0 <=0.2.0), aldryn-django (>=5.0.2.0 <=5.0.11.0) +234 more potentially affected by CVE-2024-38875 via django (>=5.0.0 <=5.0.6)
django PYPI version =5.0.0, =0.0.0, =5.0.2.0, =0.0.15, =1.14.3, =0.0.20, =0.0.13, =0.0.19, =0.0.34, =0.0.50, =0.0.5, =0.0.11, =1.0.3, =0.1.0, =0.2.5 and more Source cves: CVE-2024-38875 Source advisory: OSV:GHSA-QG2P-9JWR-MMQF...
IBM Aspera 跨站脚本漏洞
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.6, which stems from the application's lack of effective filtering...
CVE-2023-37397
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672...
PT-2024-11636 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.7 Description: The issue allows a local user to obtain sensitive information due to weaker than expected security. Recommendations: For IBM Aspera Faspex versions 5.0.0 through 5.0.7, update to a...
JFinalCMS SQL注入漏洞
JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...
CVE-2024-20917
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Log Management. The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-02993)
JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...