92 matches found
Seeyon FE Collaborative Office Platform 安全漏洞
Seeyon FE Collaborative Office Platform is a collaborative office platform from China-based Seeyon. A security vulnerability exists in Seeyon FE Collaborative Office Platform version 5.5.2, which stems from an incorrect operation of the parameter Name that can lead to SQL injection...
RHEL 9 : OpenShift Container Platform 4.13.55 (RHSA-2025:1118)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1118 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
CVE-2020-15263
In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4...
LogSign Unified SecOps Platform 输入验证错误漏洞
Logsign Unified SecOps Platform is a security operations platform from Logsign, Inc. for collecting, storing, analyzing, and responding to security data from a variety of sources. An input validation error vulnerability exists in LogSign Unified SecOps Platform versions prior to 6.4.26, which ste...
WordPress BuddyBoss Platform plugin < 2.6.0 - Insecure Direct Object Reference on Like Comment vulnerability
Insecure Direct Object Reference on Like Comment vulnerability discovered by Faris Krivi in WordPress Plugin Buddyboss Platform versions 2.6.0...
Baizhuo Network Smart s200 Management Platform Security Vulnerability
Baizhuo Network Smart s200 Management Platform is a network management platform from Baizhuo, China. A security vulnerability exists in Baizhuo Network Smart s200 Management Platform v.S200, which originates from a SQL injection vulnerability in the /importexport.php component...
CVE-2023-48658
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space...
CVE-2023-31242
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability...
PT-2023-24809 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An improper input validation vulnerability exists in the OAS Engine User Creation functionality. A specially crafted series of network requests can lead to unexpected data ...
PT-2023-26083 · Unknown · Tduck-Platform
Name of the Vulnerable Software and Affected Versions: tduck-platform version 4.0 Description: The issue allows attackers to execute arbitrary code via a crafted HTML file, exploiting an arbitrary file upload vulnerability. Recommendations: For tduck-platform version 4.0, update to a version that...
CVE-2023-34734
Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting XSS...
Stable Channel Update for ChromeOS
The Stable channel is being updated to 106.0.5249.112 Platform version: 15054.98.0 for most ChromeOS devices and will be rolled out over the next few days. For Chrome browser fixes, see the Chrome Desktop release announcement. If you find new issues, please let us know one of the following ways:...
PT-2022-3463 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112 Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...
Design/Logic Flaw
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session- independent and static...
CVE-2020-4468
IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system wit...
CVE-2019-11963
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-5346
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-5357
A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
SGIN.CN xiangyun Platform Cross-Site Scripting Vulnerability
SGIN.CN xiangyun platform is a set of micro-business distribution platform of China Sanjin SGIN network technology company. A cross-site scripting vulnerability exists in the login.php file in version 9.4.1 of the SGIN.CN xiangyun platform. A remote attacker can use the 'loginurl' parameter to...
CVE-2017-8981
A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version 7.3 E0506 was found...