9 matches found
EUVD-2026-0849
Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the...
Atlassian Jira Service Management Data Center and Server 5.10.0 < 5.12.26 / 10.0.x < 10.3.10 / 10.4.x < 10.7.3 / 11.0.x < 11.2.0 (JSDSERVER-16435)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16435 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...
CVE-2025-58443 FOG's authentication bypass leads to full SQL DB dump
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
OESA-2025-1818 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1817 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
OESA-2025-1815 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Allocation of resources for...
PT-2022-27220 · Zenphoto · Zenphoto
Name of the Vulnerable Software and Affected Versions: Zenphoto versions prior to 1.6 Description: The issue allows a remote authenticated attacker with administrative privileges to inject an arbitrary script, exploiting a stored cross-site scripting vulnerability. Recommendations: For versions...
PT-2020-14624 · Gradle · Maven Extension Plugin
Name of the Vulnerable Software and Affected Versions: Maven Extension plugin versions prior to 1.6 for Gradle Enterprise Description: An issue was discovered in the Maven Extension plugin, where the extension uses a socket connection to send serialized Java objects. Deserialization is not...
PT-2011-4741 · Unknown · Black-Letterhead
Name of the Vulnerable Software and Affected Versions: Black-LetterHead theme version 1.5 and earlier Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the PATH INFO to index.php. Recommendations: F...