CVE-2026-1182

GitLab CE/EE patched CVE-2026-1182 affecting all versions: 8.14–18.7.6, 18.8–18.8.6, and 18.9–18.9.2. An authenticated user could gain unauthorized access to confidential issue titles in public projects under certain circumstances. The remediation addresses these releases; the advisory does not p...

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

PT-2025-53092

Name of the Vulnerable Software and Affected Versions Kodezen LLC Academy LMS versions through 3.4.0 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting XSS condition. This allows an attacker to...

EUVD-2025-198443

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nelio Software Nelio Popups nelio-popups allows Stored XSS.This issue affects Nelio Popups: from n/a through = 1.3.0...

Sensitive Information Exposure

com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...

Siemens SIMATIC Devices Improper Removal of Sensitive Information Before Storage or Transfer (CVE-2024-26816)

x86, relocs: relocations in .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the startupxen entry point. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

PT-2025-43216

Name of the Vulnerable Software and Affected Versions Rajan Vijayan WP Smart Flexslider versions through 2.5 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting XSS. This allows an attacker to...

EUVD-2024-23268

Malicious code in bioql PyPI...

Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers

Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...

Linux Distros Unpatched Vulnerability : CVE-2022-3639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...

CVE-2022-3639

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage...

The vulnerability of the NTPSyncWithHost() function in TOTOLINK CA600-PoE router’s software allows a hacker to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in TOTOLINK CA600-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVE-2022-2534

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration...

Dell PowerProtect Cyber Recovery 安全漏洞

Dell PowerProtect Cyber Recovery is a cyber security solution for protecting and recovering critical data. An information disclosure vulnerability exists in Dell PowerProtect Cyber Recovery. The vulnerability stems from a failure to properly handle sensitive information and can be exploited by an...

CVE-2024-42208

HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

CVE-2024-54016

Improper Handling of Highly Compressed Data Data Amplification vulnerability in Apache Seata incubating. This issue affects Apache Seata incubating: through =2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...

CVE-2024-23563

HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...

The vulnerability in the web interface of the microprogramming software for wireless client bridges from HPE Aruba Networking 501 allows a attacker to execute arbitrary code in the device’s basic operating system.

The vulnerability of the web interface for managing microprogramming software in HPE Aruba Networking 501 wireless client bridges is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the...

HCL Connections 安全漏洞

HCL Connections is a suite of enterprise collaboration platforms from HCL Corporation, USA. A security vulnerability exists in HCL Connections that stems from vulnerability to an information disclosure vulnerability that allows users to access sensitive information to which they are not entitled...

Out-of-bounds Write

libzephyr.so is vulnerable to Out-of-bounds Write.The vulnerability is caused due to improper handling of data sizes in the getattsearchlist function in bluetooth/host/sdp.c, which can lead to a crash when passing a dataelem of size greater than 10...