14 matches found
CVE-2025-33128
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-15395
IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allow users to view or access/perform actions beyond their expected capability...
CVE-2025-15395
CVE-2025-15395 affects IBM Engineering Lifecycle Management - Jazz Foundation. The vulnerability is an access control violation in Jazz Foundation components: IBM Jazz Foundation 7.0.3 with iFix019 and 7.1.0 with iFix005. Root cause details are not expanded beyond the access-control bypass in the...
CVE-2025-12521
The CVE-2025-12521 entry concerns the Analytify Pro WordPress plugin (versions up to and including 7.0.3) with an unauthenticated information exposure vulnerability. Reports indicate that sensitive information (specifically usernames found in source code) can be exposed via the Analytify Tag HTML...
Malicious code in tchap-landing-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a47896f1d10057842a762f26491de66766a94e8c1361012f7baaf714c874ecfa Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin Events Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-30149 OpenEMR Reflected XSS in AJAX Script
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layoutlistitemsajax.php via the target parameter. This vulnerability is fixed in 7.0.3...
UBUNTU-CVE-2024-24568
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3...
CVE-2022-1731
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist...
Cisco Video Communications Server Command Injection Vulnerability
Cisco Video Communications Server (VCS) is a video communications server for videoconferencing solutions from the U.S. company Cisco. A command injection vulnerability exists in Cisco VCS X versions prior to 7.0.3, which stems from the possibility that the program may fail to properly handle...
Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2018-13454)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the product/card.php...
UBUNTU-CVE-2018-13449
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statutbuy parameter...
OpenProject Session Hijacking Vulnerability
OpenProject is an open source Web-based project management software. The software has project planning, task management, bug tracking, cost budgeting and other functions. A session hijacking vulnerability exists in OpenProject versions prior to 6.1.6 and 7.x versions prior to 7.0.3, which...
ImageMagick heap buffer overflow vulnerability (CNVD-2016-11688)
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A heap buffer overflow vulnerability exists in ImageMagick version 7.0.3.6, which stems from the program failing to...