48 matches found

Positive Technologies
added 2026/04/01 12:0 a.m., 4 views

PT-2026-29640

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...

6.5 CVSS, 5.9 AI score, 0.00006 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 8 : pki-core:10.6 (AXSA:2022-4440:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4440:01 advisory. pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 Tenable has extracted the preceding description block directly from the...

7.5 CVSS, 8.4 AI score, 0.90688 EPSS
Exploits: 3, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-21042

Malware in sbrugna...

4.3 CVSS, 4.7 AI score, 0.00146 EPSS
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-26254

Malware in sbrugna...

5.3 CVSS, 5.2 AI score, 0.00301 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-59686

Malicious code in bioql PyPI...

4.9 CVSS, 5.1 AI score, 0.0002 EPSS
Exploits: 0, References: 1

OSV
added 2025/08/20 10:3 a.m., 2 views

RHSA-2025:14118 Red Hat Security Advisory: pki-deps:10.6 security update

Bulletin has no description...

7.5 CVSS, 7.2 AI score, 0.00252 EPSS
Exploits: 0, References: 9

Tenable Nessus
added 2025/08/19 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was...

5.3 CVSS, 5.6 AI score, 0.00301 EPSS
Exploits: 0, References: 2

Patchstack
added 2024/10/04 1:27 a.m., 2 views

WordPress WP Booking Calendar plugin <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by zhenhua fan in WordPress Plugin Booking Calendar versions <= 10.6...

4.8 CVSS, 5.7 AI score, 0.00202 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2024/10/03 12:0 a.m., 3 views

PT-2024-39560 · WordPress · Wp Booking Calendar

Name of the Vulnerable Software and Affected Versions: WP Booking Calendar plugin for WordPress versions up to, and including, 10.6 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows...

4.8 CVSS, 6 AI score, 0.00202 EPSS
Exploits: 0, References: 9

OSV
added 2024/03/06 11:18 a.m., 14 views

BIT-GITLAB-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

5.3 CVSS, 5.3 AI score, 0.00301 EPSS
Exploits: 0, References: 4

OSV
added 2024/03/06 11:1 a.m., 18 views

BIT-GITLAB-2023-3979 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the...

4.3 CVSS, 4.2 AI score, 0.0006 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/01/03 12:0 a.m., 19 views

GitLab 10.6 < 13.8.7 / 13.9 < 13.9.5 / 13.10 < 13.10.1 (CVE-2021-22197)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target...

4.3 CVSS, 5.1 AI score, 0.00353 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2023/12/19 3:33 p.m., 36 views

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in Apache Struts (CVE-2023-34149)

Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a...

6.5 CVSS, 5.5 AI score, 0.00066 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2023/11/15 12:0 a.m., 36 views

ManageEngine ServiceDesk Plus MSP < 10.6 Build 10611 / 13.0 Build 13004

The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 10.6 Build 10611, 13.0 Build 13004. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspcve-2023-22964 advisory. - Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x...

9.1 CVSS, 8.3 AI score, 0.01011 EPSS
Exploits: 0, References: 2

Debian CVE
added 2023/09/11 1:1 p.m., 26 views

CVE-2023-4630

Removed by vendor...

5 CVSS, 5.8 AI score, 0.00133 EPSS
Exploits: 0

OSV
added 2022/04/12 8:15 p.m., 0 views

ALPINE-CVE-2022-27381

An issue in the component Field::setdefault of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

7.5 CVSS, 7.8 AI score, 0.00217 EPSS
Exploits: 1, References: 1

OpenVAS
added 2022/03/28 12:0 a.m., 14 views

GitLab 9.2.x - 10.4.6, 10.5.x - 10.5.6, 10.6.x - 10.6.2 XSS Vulnerability

GitLab is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

6.1 CVSS, 6.1 AI score, 0.00076 EPSS
Exploits: 1, References: 1

Prion
added 2021/11/08 5:15 p.m., 6 views

Cross site scripting

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

3.5 CVSS, 5.2 AI score, 0.00102 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2021/11/04 12:0 a.m., 2 views

PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...

5.3 CVSS, 4.8 AI score, 0.00301 EPSS
Exploits: 0, References: 11

IBM Security Bulletins
added 2021/06/22 6:13 p.m., 21 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2020 Vulnerability Details CVEID: CVE-2020-4688 DESCRIPTION: IBM Security Guardium could allow a local...

8.8 CVSS, 1 AI score, 0.00525 EPSS
Exploits: 0, Affected Software: 1