Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924
Summary: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang, which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled...
Nokia Single RAN security vulnerability
Nokia Single RAN is a wireless network technology from Nokia Finland. A security vulnerability exists in Nokia Single RAN 24R1-SR version prior to 1.0 MP, which originates from a stack overflow that could result in a restart of a service component...
Ocuco Innovation security vulnerability
Ocuco Innovation is an integrated Laboratory Management System (LMS) from Ocuco Ireland, designed for laboratories performing edge grinding, freeform and conventional lens processing. A security vulnerability exists in Ocuco Innovation version 2.10.24.17, which stems from an authentication bypass...
IBL Software Engineering Visual Weather security vulnerability
IBL Software Engineering Visual Weather is a visual weather application from IBL Software Engineering. A security vulnerability exists in IBL Software Engineering Visual Weather that stems from a misconfiguration of the PDS component, which allows remote execution of arbitrary Python code...
PT-2024-17736 · Unknown · X1A0He Adobe Downloader
Name of the Vulnerable Software and Affected Versions: X1a0He Adobe Downloader version 1.3.1 and earlier Description: A critical vulnerability was found in the X1a0He Adobe Downloader, affecting the shouldAcceptNewConnection function of the com.x1a0he.macOS.Adobe-Downloader.helper file in the XPC...
Oracle Siebel Server (July 2022 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the July 2022 CPU advisory. - Vulnerability in the Siebel Apps - Field Service product of Oracle Siebel CRM component: Smart Answer Apache PDFBox. Supported versions that are affected a...
CVE-2023-43449
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component...
CVE-2023-39068
Buffer Overflow vulnerability in NBD80S09S-KLC v.YKHZXMNBD80S09S-KLCV4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YKHZXMNBD80N32RA-KLV4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to cause a denial of service via a crafted request to the service.XM component...
CVE-2023-26759
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component...
Memory corruption
A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfgop.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed...
Cisco Firepower Management Center DoS (cisco-sa-ftdfmc-dos-NjYvDcLA)
According to its self-reported version, Cisco Firepower Management Center is affected by a denial of service (DoS) vulnerability in its licensing service component due to improper handling of system resource values. An unauthenticated, remote attacker can exploit this issue by sending specially...
The vulnerability of the Self-Service component of the Oracle PeopleSoft Enterprise CS Campus Community application allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Self-Service component of the Oracle PeopleSoft Enterprise CS Campus Community application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the SiTex development platform’s SiTex-Gosuslu component, related to insufficient protection of the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the SiTex-Service component of the distributed application development platform SiTex is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by manipulating the...
CVE-2018-6885
An issue was discovered in MicroStrategy Web Services (the Microsoft Office plugin) before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
CVE-2016-6599
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...
Design/Logic Flaw
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...
Design/Logic Flaw
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...