13 matches found
CVE-2026-34982
Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...
DoS (Denial of Service) in Confluence Data Center and Server
This High severity DoS (Denial of Service) vulnerability, known as CVE-2025-48976, was introduced in version 7.19 of Confluence Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
CVE-2025-22166
CVE-2025-22166 is a Denial of Service vulnerability affecting Atlassian Confluence Data Center. Introduced in Confluence Data Center 2.0, it enables an unauthenticated remote attacker to render the host unavailable by disrupting services, with high impact on availability. The advisory recommends ...
CVE-2023-22055
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
PT-2024-24209 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.2.7; Concrete CMS versions 8.5.15 and earlier. Description: The issue is related to Stored XSS in blocks of type file, which could be caused by a rogue administrator adding malicious code to the link-text...
CVE-2024-2179
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type, since there is insufficient validation of administrator-provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit t...
PortlandLabs Concrete CMS Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A cross-site scripting vulnerability exists in PortlandLabs Concrete CMS versions prior to 9.2.7, which stems from insufficient validation of data provided by the...
PT-2023-4036 · Oracle · Jd Edwards Enterpriseone Orchestrator
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Orchestrator versions prior to 9.2.7.4. Description: The issue is related to the E1 IOT Orchestrator Security component of the JD Edwards EnterpriseOne Orchestrator product. It allows a low-privileged attacker with...
CVE-2023-21927
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...
PT-2022-7267 · Atlassian · Bamboo Server +1
Name of the Vulnerable Software and Affected Versions: codeplex-codehaus (affected versions not specified); Bamboo Data Center and Server versions 9.2.1 through 9.2.7. Description: A flaw was found in codeplex-codehaus, allowing a directory traversal attack to access files and directories stored...
CVE-2022-0524
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...
Foxit Reader and Foxit PhantomPDF for Windows Buffer Overflow Vulnerability
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. An out-of-bounds read vulnerability exists in the handling of Array.prototype.concat in Foxit Reader 9.2.0.9297 and earlier version...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...