
92 matches found

Vulnrichment
added 2026/03/13 6:30 p.m., 4 views

CVE-2025-12455 Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

CVSS 5.1, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 1
Cvelist
added 2026/03/13 6:30 p.m., 27 views

CVE-2025-12455 Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X...

CVSS 5.1, EPSS 0.00049
Exploits: 0, References: 1
NVD
added 2025/12/22 12:16 p.m., 1 view

CVE-2025-14273

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions =4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, which allows an unauthenticated attacker who knows ...

CVSS 8.3, EPSS 0.00125
Exploits: 0, References: 1
Vulnrichment
added 2025/12/17 6:14 p.m., 2 views

CVE-2025-12689 DoS in Calls plugin via malformed UTF-8 in WebSocket request

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request...

CVSS 6.5, AI score 6.5, EPSS 0.0009
Exploits: 0, References: 1
OSV
added 2025/11/05 5:15 p.m., 1 view

CVE-2025-43990

Dell Command Monitor DCM, versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 7.8, AI score 5.8
Exploits: 0, References: 1
CNNVD
added 2025/10/24 12:0 a.m., 4 views

pgcodekeeper security vulnerability

pgCodeKeeper is an open source Eclipse plugin for database schema management from pgCodeKeeper. A security vulnerability exists in pgcodekeeper version 10.12.0, which stems from storing passwords and usernames in clear text and could lead to the disclosure of sensitive information...

CVSS 6.2, AI score 6.3, EPSS 0.00017
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-25711

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.5, EPSS 0.00341
Exploits: 1, References: 2
CVE
added 2025/09/15 4:12 p.m., 18 views

CVE-2025-58748

CVE-2025-58748 affects DataEase up to version 2.10.12, where the H2 data source (H2.java) does not validate that a JDBC URL starts with jdbc:h2. This enables a crafted configuration to substitute the Amazon Redshift driver and leverage socketFactory/socketFactoryArg to trigger a remote XML resou...

CVSS 9.8, AI score 7.4, EPSS 0.01606
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/09/15 4:12 p.m., 9 views

CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 8.7, EPSS 0.01606
Exploits: 1, References: 2
CVE
added 2025/09/15 4:4 p.m., 16 views

CVE-2025-58046

Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...

CVSS 9.8, AI score 8.2, EPSS 0.01655
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-4707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrar...

CVSS 4, AI score 7, EPSS 0.00059
Exploits: 0, References: 2
OSV
added 2025/07/23 12:15 a.m., 3 views

CVE-2025-43486

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update...

CVSS 4.8, AI score 5.6
Exploits: 0, References: 1
OSV
added 2025/07/23 12:15 a.m., 3 views

CVE-2025-43483

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...

CVSS 5.7, AI score 5.8, EPSS 0.00058
Exploits: 0, References: 1
OSV
added 2025/07/22 11:15 p.m., 2 views

CVE-2025-43021

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update...

CVSS 5.7, AI score 5.7, EPSS 0.00058
Exploits: 0, References: 1
OSV
added 2025/07/22 11:15 p.m., 2 views

CVE-2025-43020

A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update...

CVSS 6.8, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 1
CNNVD
added 2025/07/22 12:0 a.m., 2 views

HP Poly Clariti Manager SQL injection vulnerability

HP Poly Clariti Manager is a centralized management, control and optimization of video conferencing infrastructure from Hewlett-Packard HP. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.1 that originates from a privileged user being able to execute SQL command...

CVSS 7.3, AI score 7.5, EPSS 0.00147
Exploits: 0, References: 3
CNNVD
added 2025/07/22 12:0 a.m., 2 views

HP Poly Clariti Manager devices operating system command injection vulnerability

HP Poly Clariti Manager devices is a device management system from Hewlett-Packard HP in the United States. An operating system command injection vulnerability exists in HP Poly Clariti Manager devices versions prior to 10.12.2, which originates from a privileged user being able to submit arbitra...

CVSS 6.8, AI score 7.5, EPSS 0.00115
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 11:35 p.m., 5 views

CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

CVSS 5, AI score 5.3, EPSS 0.00016
Exploits: 0, References: 1
Patchstack
added 2025/02/28 10:35 p.m., 4 views

WordPress Simple:Press plugin <= 6.10.11 - Cross-Site Request Forgery to Unauthorized Post Editing vulnerability

Cross-Site Request Forgery to Unauthorized Post Editing vulnerability discovered by 20kilograma in WordPress Plugin Simple:Press versions = 6.10.12...

CVSS 4.3, AI score 7, EPSS 0.001
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2025/02/21 9:42 p.m., 1 view

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of QPY files containing malformed symengine serialization streams. An attacker can terminate the process by sending a crafted QPY file. This is only exploitable if symengine =...

CVSS 8.6, AI score 7, EPSS 0.00099
Exploits: 0, References: 2