34 matches found
CVE-2026-1182
GitLab CE/EE patched CVE-2026-1182 affecting all versions: 8.14–18.7.6, 18.8–18.8.6, and 18.9–18.9.2. An authenticated user could gain unauthorized access to confidential issue titles in public projects under certain circumstances. The remediation addresses these releases; the advisory does not p...
CVE-2025-36428
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...
PT-2025-53092
Name of the Vulnerable Software and Affected Versions: Kodezen LLC Academy LMS versions through 3.4.0 Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Stored Cross-site Scripting (XSS) condition. This allows an attacker to...
EUVD-2025-198443
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nelio Software Nelio Popups (nelio-popups) allows Stored XSS. This issue affects Nelio Popups: from n/a through <= 1.3.0...
Sensitive Information Exposure
com.liferay.portal.template.freemarker is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper data handling in Freemarker templates, where sensitive user data is unintentionally included in the template context, allowing an unauthorized actor to access and potential...
Siemens SIMATIC Devices Improper Removal of Sensitive Information Before Storage or Transfer (CVE-2024-26816)
x86, relocs: relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the startup_xen entry point. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
PT-2025-43216
Name of the Vulnerable Software and Affected Versions: Rajan Vijayan WP Smart Flexslider versions through 2.5 Description: The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting (XSS). This allows an attacker to...
EUVD-2024-23268
Malicious code in bioql (PyPI)...
Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers
Summary: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Vulnerability Detail...
Linux Distros Unpatched Vulnerability : CVE-2022-3639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all...
CVE-2022-3639
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage...
CVE-2022-2534
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration...
Dell PowerProtect Cyber Recovery Security Vulnerability
Dell PowerProtect Cyber Recovery is a cyber security solution for protecting and recovering critical data. An information disclosure vulnerability exists in Dell PowerProtect Cyber Recovery. The vulnerability stems from a failure to properly handle sensitive information and can be exploited by an...
CVE-2024-42208
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
CVE-2024-54016
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue...
CVE-2024-23563
HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data...
HCL Connections Security Vulnerability
HCL Connections is a suite of enterprise collaboration platforms from HCL Corporation, USA. An information disclosure vulnerability exists in HCL Connections that allows users to access sensitive information to which they are not entitled...
Out-of-bounds Write
libzephyr.so is vulnerable to Out-of-bounds Write. The vulnerability is caused by improper handling of data sizes in the getattsearchlist function in bluetooth/host/sdp.c, which can lead to a crash when passing a dataelem of size greater than 10...
PT-2024-3629 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 Description: The issue is related to an improper handling of unexpected data type, which could be exploited by a remote unauthenticated attacker to cause a denial of service. Recommendation...
BIT-GITLAB-2022-3639
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage...