12 matches found
iboss Secure Web Gateway - Stored Cross-Site Scripting
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Rational Business Developer.
Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - July 2022. Vulnerability Details CVEID:CVE-2022-21541...
GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking
Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...
EUVD-2026-27556
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
Allocation of Resources Without Limits or Throttling
Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the /server-islands/name route handler, which buffers and parses the entire request body as JSON without enforcing a size...
CVE-2025-64520
GLPI CVE-2025-64520 affects versions 9.1.0 up to (but not including) 10.0.21, where an unauthorized API user can read all knowledge base entries. Root cause: insufficient API authorization. Impact: confidentiality high; integrity/availability not affected per disclosure. Remediation: upgrade to 1...
GHSA-6465-JGVQ-JHGP Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`
Impact In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When sendDefaultPii: true was set, a few headers that were previously redacted - including Authorization and Cookie - were...
CVE-2025-34522
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...
CVE-2025-34522 Arcserve UDP < 10.2 Pre-Authentication Heap Overflow
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...
Detection of Error Condition Without Action
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Detection of Error Condition Without Action due to a bug in the CKEditor 5 module that incorrectly handles image uploads. An...
PT-2023-21942 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0 Description: A vulnerability exists in the way the client validates the path to a DLL prior to loading, which may allow a lower-level user to elevate privileges and compromise the system...
PT-2021-8817 · Apereo · Apereo Opencast
Name of the Vulnerable Software and Affected Versions: Apereo Opencast versions 4.x through 10.x before 10.6 Description: An issue was discovered in Apereo Opencast where it sends system digest credentials during authentication attempts to arbitrary external services in some situations. This occu...