CVE-2021-35562

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access vi...

CVE-2025-24608

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Mail Queue gd-mail-queue allows Reflected XSS.This issue affects GD Mail Queue: from n/a through = 4.3...

CVE-2022-48596

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVE-2020-14855

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Univers...

CVE-2020-14862

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3 - 12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal...

CVE-2020-2818

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

CVE-2024-40681

IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager...

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)

org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.250 and more Source cves: CVE-2025-23015 Source advisory:...

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc

Summary IBM MQ Operator and Queue manager container images are vulnerable to kerberos 5, libxml2, go-jose, runc. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2024-26461 DESCRIPTION: Kerberos 5 is vulnerable to a denial of service,...

SUSE-SU-2025:20067-1 Security update for libdb-4_8

This update for libdb-48 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upsteam commits: - Fixed several possible crashes when running dbverify on a corrupted database...

Security update for libdb-4_8

This update for libdb-48 fixes the following issues: CVE-2019-2708: Fixed data store execution leading to partial DoS bsc1174414 Changes: libdb: Data store execution leads to partial DoS Backport the upsteam commits: Fixed several possible crashes when running dbverify on a corrupted database...

SUSE-SU-2025:20008-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlogrecoverprocessdata bsc1228408. - CVE-2024-41013: xfs: do not walk off the end of a directory data block bsc1228405...

PT-2025-20511

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been identified where the task management thread accesses an invalid queue ID, set by the reset thread, which points to unallocated memory, causing a cras...

CVE-2025-24608

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Mail Queue gd-mail-queue allows Reflected XSS.This issue affects GD Mail Queue: from n/a through = 4.3...

CVE-2025-24608 WordPress GD Mail Queue Plugin <= 4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Milan Petrovic GD Mail Queue gd-mail-queue allows Reflected XSS.This issue affects GD Mail Queue: from n/a through = 4.3...

CVE-2025-24608

CVE-2025-24608 refers to the WordPress GD Mail Queue plugin with a reflected XSS issue caused by improper input neutralization during page generation. Affected versions are up to 4.3 (vendor references vary; some sources list n/a through 4.3). The root cause and impact are stated in multiple reco...

WordPress plugin GD Mail Queue 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-5443 · Unknown · Gd Mail Queue

Name of the Vulnerable Software and Affected Versions: GD Mail Queue versions n/a through 4.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...