637 matches found
CVE-2025-31991 HCL DevOps Velocity is susceptible to brute-force attacks
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7...
CVE-2025-31991
CVE-2025-31991 affects HCL DevOps Velocity. The rate-limiting on login attempts is not properly enforced, allowing brute-force attempts beyond the unsuccessful-login threshold. Multiple sources (NVD/ENISA/CVE list) confirm the issue and state that it is fixed in version 5.1.7. The impact is pract...
HCL DevOps Velocity 安全漏洞
HCL DevOps Velocity is a pipeline orchestration and management tool used by HCL Company in India. Versions of HCL DevOps Velocity prior to 5.1.7 contained security vulnerabilities. These vulnerabilities were due to improper implementation of rate-limiting mechanisms for login attempts, which coul...
PT-2026-32380
Name of the Vulnerable Software and Affected Versions HCL DevOps Velocity versions prior to 5.1.7 Description Rate limiting for user login attempts is not properly enforced, making the system susceptible to brute-force attacks that exceed the unsuccessful login attempt limit. Recommendations Upda...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
EUVD-2026-20478
XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API...
GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API
Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...
CVE-2026-33229
XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...
CVE-2026-33229
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
XWiki Platform 安全漏洞
The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 17.4.8 and 17.10.1 contained security vulnerabilities. These vulnerabilities stemmed from inadequate protection of the script API, allowing users with...
PT-2026-31324
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...
CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...
EUVD-2026-17201
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...