Lucene search
K

4123 matches found

CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

October 跨站脚本漏洞

October is an open-source content management system CMS and online platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of marker class field inputs in the backend editor...

5.4CVSS5.7AI score0.00252EPSS
Exploits0References2
Veeam
Veeam
added 2026/03/25 12:0 a.m.40 views

Support Statement — Exchange Web Services (EWS) Deprecation

Challenge Microsoft has announced the deprecation of Exchange Web Services EWS in Exchange Online, with the initial phase-out target of October 1, 2026. Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 currently leverage EWS for Exchange Online backup functionality. Note: Thi...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:57 p.m.4 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:23 p.m.7 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

5.3CVSS7AI score0.01157EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:21 p.m.8 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

5.3CVSS7AI score0.01157EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2026/03/11 7:9 a.m.4 views

CVE-2025-69614

Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...

9.4CVSS5.8AI score0.00389EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/03/10 2:0 p.m.18 views

March 10, 2026—KB5078775 (Monthly Rollup)

March 10, 2026—KB5078775 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...

8.8CVSS6.9AI score0.04491EPSS
Exploits11
Vulnrichment
Vulnrichment
added 2026/02/18 12:9 p.m.4 views

CVE-2025-7630 OTP Password Brute Forcing in DorukNet's Wispotter

Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, Brute Force. This issue affects Wispotter: from 1.0 before v2025.10.08.1...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.14 views

February 10, 2026—KB5075971 (Monthly Rollup)

February 10, 2026—KB5075971 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

8.8CVSS7.5AI score0.25835EPSS
Exploits8
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.3 views

October 2025 Burp Cross Site Scripting Cheatsheet

This is Portswigger's really useful cross site scripting cheatsheet. Last updated in October of 2025...

4.7AI score
Exploits0
Ivanti
Ivanti
added 2026/02/09 8:55 p.m.35 views

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

8.6CVSS6.4AI score0.81089EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/02/03 12:16 a.m.10 views

CVE-2025-61637

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...

4.8CVSS5.9AI score0.00219EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/03 12:16 a.m.5 views

CVE-2025-61636

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...

4.8CVSS5.9AI score0.00211EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/03 12:16 a.m.3 views

CVE-2025-61635

Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit:...

5.9AI score0.00356EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.6 views

Oracle GoldenGate Multiple vulnerabilities 19.1.x < 19.29.0.0.251021 / 21.19.x < 21.20.0.0 / 23.9.x < 23.10.0.25.10 (October 2025 CPU)

The 19.1.x / 21.19.x / 23.9.x versions of GoldenGate installed on the remote host are affected by a vulnerability as referenced in the October 2025 CPU advisory. - Security-in-Depth issue in Oracle GoldenGate component: OGG Configuration Assistant JSON-java. This vulnerability cannot be exploited...

7.5CVSS6.2AI score0.01449EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/23 4:16 a.m.7 views

CVE-2025-11002

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on...

7.8CVSS7.4AI score0.00517EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/21 6:6 p.m.8 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU -October 2025 - Includes OpenJDK October 2025 CPU vilnerabilities

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - October 2025 - Includes OpenJDK October 2025 CPU vilnerabilities with CVEs CVE-2025-53057, CVE-2025-53066 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

7.5CVSS5.5AI score0.00633EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.4 views

CVE-2025-61674

October is a Content Management System CMS and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting XSS vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the styleshee...

6.1CVSS5.7AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2025-12420

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.9AI score0.4549EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/13 12:30 a.m.6 views

EUVD-2025-206275

A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update...

10CVSS6.5AI score0.4549EPSS
Exploits0References2
Rows per page
Query Builder