496 matches found
CVE-2026-32856
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...
CVE-2026-47106
CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...
CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
EUVD-2026-35795
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...
CVE-2026-32856 Ellucian Banner Self-Service Reflected XSS via dateConverter
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...
CVE-2026-32856 Ellucian Banner Self-Service Reflected XSS via dateConverter
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.
Red Hat Developer Hub 1.10.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
PT-2026-48222
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...
PT-2026-48219
Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...
CVE-2026-11453
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
CVE-2026-11453
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
CVE-2026-11453
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
EUVD-2026-34984
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
CVE-2026-11453 Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
CVE-2026-11453 Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...
GO-2026-4960 Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server
Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server...
EUVD-2026-33049
Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Self Service Manager. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful...
Oracle Payroll 安全漏洞
Oracle Payroll is an enterprise payroll calculation and payment management system developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Payroll contain security vulnerabilities. These vulnerabilities stem from issues with the Self Service Manager component, whi...
CVE-2026-2740
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency...