CVE-2026-47153

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

EUVD-2026-39411

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

CVE-2026-6432

The CVE-2026-6432 entry concerns EmberZNet SDK versions 9.0.2 and earlier, with a root cause of improper bounds validation. This can lead to crashes or dynamic memory leakage. The available documents do not specify additional details such as affected products beyond EmberZNet SDK, release version...

CVE-2026-47150

The advisory concerns EmberZNet v9.0.2 and earlier where malformed IAS Zone enrollment messages can trigger an out-of-bounds write to a state-table, terminating the process. The write’s size/location are bounded, and only messages from devices that have already joined the network affect devices s...

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143

Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...

CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

CVE-2025-11787

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

CVE-2025-11783

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 操作系统命令注入漏洞

The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. An operating system command injection vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the presence of command injection in the GetDNS,...

Linux Distros Unpatched Vulnerability : CVE-2015-7104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...

IBM Engineering Systems Design Rhapsody 缓冲区错误漏洞

IBM Engineering Systems Design Rhapsody is a model-driven development MDD environment for systems engineering and software development provided by IBM. IBM Engineering Systems Design Rhapsody suffers from a stack buffer overflow vulnerability that stems from the program not properly checking...

WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Le Ngoc Anh in WordPress Plugin URL Shortener | Conversion Tracking | AB Testing | WooCommerce versions = 9.0.2...

Improper restriction of XML external entity references (XXE) in FD Application

Overview FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

WordPress plugin teachPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2023-10306 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions 8 through 9.0.1 JetBrains TeamCity version 9.0.2 is not affected, so only versions prior to 9.0.2 are considered vulnerable. Description: The issue allows bypass of account-creation restrictions via a crafted...

Intel SUR 代码问题漏洞

Intel SUR is a Software Asset Manager software from Intel Corporation USA. A security vulnerability exists in IntelR SUR version 2.4.8902, which stems from an improper condition check in the software that could allow a privileged user to covertly enable denial of service via network access...

PT-2022-26971 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12 Splunk Enterprise versions prior to 8.2.9 Splunk Enterprise versions prior to 9.0.2 Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation JSON in a query...

CVE-2022-30117

Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

CVE-2022-29028

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...