83 matches found
EUVD-2026-14982
Astro: Unauthenticated Path Override via x-astro-path / xastropath...
CVE-2026-33768
Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...
CVE-2026-33768
Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...
CVE-2026-2954
A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in injection. It is possible to initiate th...
CVE-2026-2954
Dromara UJCMS 10.0.2 is affected in the ImportDataController.importChanel (file /api/backend/ext/import-data/import-channel). The root cause is injection via manipulation of the arguments driverClassName and url, enabling remote exploitation. Public exploit details exist. Red Hat and PT-Security ...
MAL-2025-192259 Malicious code in unified11 (npm)
Source: amazon-inspector 2da60b6c513002dadf0ea32c3293c0c1f0e73d8db20f85baf9b207fff1311569 The package unified11 was found to contain malicious code. Source: ghsa-malware 0234999818b5c6447b46c2551778c8daea15a41767afd1270af691c637d8ea9d Any...
CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade
In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...
CVE-2025-49042
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through <= 10.0.2...
WordPress plugin WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CVE-2025-22166
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
EUVD-2025-35185
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
EUVD-2022-52729
Malicious code in bioql PyPI...
DoS (Denial of Service) Third-Party Dependency in Confluence Data Center and Server - CVE-2025-22166
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely...
Linux Distros Unpatched Vulnerability : CVE-2022-31056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected version...
CVE-2025-36003
CVE-2025-36003 affects IBM Security Verify Governance with Identity Manager 10.0.2. The vulnerability arises from returning detailed technical error messages, enabling a remote attacker to obtain sensitive information about the system (information disclosure). Affected components include the Iden...
PT-2025-34955
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance Identity Manager version 10.0.2 Description: IBM Security Verify Governance Identity Manager 10.0.2 may allow a remote attacker to obtain sensitive information through detailed technical error messages. This...
IBM Security Verify Governance security vulnerability
IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM), Inc. It provides organizations with a platform to analyze, define, and control user access and access risk. A security vulnerability exists in IBM Security Verify Governance version...
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...
CVE-2019-7488
A weak default password causes a vulnerability in the SonicWall Email Security appliance that lets an attacker gain access to the appliance database. This vulnerability affected Email Security Appliance version 10.0.2 and earlier...
PT-2025-15695 · IBM · IBM Security Verify Governance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Governance version 10.0.2 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...