134 matches found
EUVD-2026-34184
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
CVE-2026-22055
Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
CVE-2026-22054
Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...
CVE-2026-22054
CVE-2026-22054 affects Active IQ Config Advisor 6.7.3 and involves hard-coded credentials that could enable an authenticated, low-privilege attacker to perform unauthorized AutoSupport operations. The CVSS vector indicates network access, low attack complexity, and low privileges required with im...
PT-2026-46068
Name of the Vulnerable Software and Affected Versions Active IQ Config Advisor version 6.7.3 Description Hard-coded credentials exist within the software, which could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. Recommendations At the moment,...
Oracle Payroll 安全漏洞
Oracle Payroll is an enterprise payroll calculation and payment management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Self Service Manager component, whi...
Oracle REST Data Services 安全漏洞
Oracle REST Data Services is a middleware tool provided by Oracle, Inc., in the United States, that exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem from...
Oracle Flow Manufacturing 安全漏洞
Oracle Flow Manufacturing is a production and manufacturing process management system developed by Oracle, a company in the United States. Versions 12.2.9 to 12.2.15 of Oracle Flow Manufacturing contain security vulnerabilities. These vulnerabilities stem from issues with the Security component,...
CVE-2026-34686
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
CVE-2026-34686
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...
Adobe Commerce 跨站脚本漏洞
Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. Versions of Adobe Commerce such as 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17, and earlier versions contain a cross-site scripting vulnerability. Thi...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is a relational database management system developed by Oracle Corporation. Versions 9.0.0 to 9.6.0 of Oracle MySQL Server contain security vulnerabilities. These vulnerabilities stem from issues with the Server: Optimizer component, which may allow attackers with low privileg...
Oracle MySQL Server 安全漏洞
Oracle MySQL Server is a relational database management system developed by Oracle Corporation. Vulnerabilities exist in versions 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0 of Oracle MySQL Server. These vulnerabilities stem from issues with the Server: Group Replication Plugin component...
Cisco ThousandEyes Enterprise Agent 安全漏洞
Cisco ThousandEyes Enterprise Agent is an application developed by Cisco, a US-based company. It provides extended visibility, automated insights, and seamless workflows. There is a security vulnerability in Cisco ThousandEyes Enterprise Agent, which stems from improper access control in the loca...
CVE-2026-27253
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2026-11016
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2026-10987
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2026-11005
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2026-11018
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2026-27265
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...