Lucene search

76 matches found

Tenable Nessus
added 2026/04/23 12:0 a.m. · 1 views

Esri Portal for ArcGIS 11.4 / 11.5 / 12.0 < Security 2026 Update 1 Incorrect Authorization (CVE-2026-33519)

The version of Esri Portal for ArcGIS installed is 11.4, 11.5, or 12.0 and is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect authorization vulnerability exists in Portal for ArcGIS that did not correctly check permissions assigned to developer...

CVSS 9.8 · AI score 5.4 · EPSS 0.00064
Exploits: 0 · References: 2
CNNVD
added 2026/04/21 12:0 a.m. · 4 views

Esri Portal for ArcGIS Security Vulnerability

Esri Portal for ArcGIS is a component offered by Esri that allows for sharing maps, scenarios, applications, and other geographic information with others within an organization. Versions 11.4, 11.5, and 12.0 of Esri Portal for ArcGIS have security vulnerabilities. These vulnerabilities stem from...

CVSS 9.8 · AI score 5.8 · EPSS 0.00064
Exploits: 0 · References: 1
RedhatCVE
added 2026/01/09 9:53 a.m. · 5 views

CVE-2020-10112

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached...

CVSS 5.8 · AI score 6.8 · EPSS 0.00501
Exploits: 3 · References: 1
RedhatCVE
added 2026/01/09 8:58 a.m. · 5 views

CVE-2023-45136

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

CVSS 9.6 · AI score 7.3 · EPSS 0.70688
Exploits: 1 · References: 1
Positive Technologies
added 2025/12/04 12:0 a.m. · 2 views

PT-2025-49156

Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.4; WatchGuard Fireware OS versions 12.5 through 12.5.13; WatchGuard Fireware OS versions 2025.1 through 2025.1.2. Description: An out-of-bounds write issue exists in the Command Line Interface CLI...

CVSS 9 · AI score 7.6 · EPSS 0.00158
Exploits: 0 · References: 8
Cvelist
added 2025/11/04 10:51 p.m. · 4 views

CVE-2025-59596

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash...

CVSS 6 · EPSS 0.00017
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-10242

Malware in sbrugna...

CVSS 4.8 · AI score 5.1 · EPSS 0.0038
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-6673

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00264
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-6667

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00241
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-57750

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 7.2 · EPSS 0.003
Exploits: 1 · References: 3
RedhatCVE
added 2025/09/17 10:45 p.m. · 1 views

CVE-2025-6947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox...

CVSS 4.8 · AI score 5.4 · EPSS 0.00134
Exploits: 0 · References: 1
Cvelist
added 2025/09/15 9:17 p.m. · 5 views

CVE-2025-6999 WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability

An HTTP Request Smuggling CWE-444 vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting XSS attack. This issue affects Fireware OS: from 12.0 through 12.11.2...

CVSS 6.9 · EPSS 0.00181
Exploits: 0 · References: 1
CNNVD
added 2025/09/15 12:0 a.m. · 1 views

WatchGuard Fireware OS Firebox Security Vulnerability

WatchGuard Fireware OS Firebox is a network security hardware appliance from WatchGuard USA. A security vulnerability exists in WatchGuard Fireware OS Firebox versions 12.0 through 12.11.2, which stems from improper input neutralization in the SIP Proxy module and could lead to a stored cross-sit...

CVSS 4.8 · AI score 5.9 · EPSS 0.00134
Exploits: 0 · References: 2
RedhatCVE
added 2025/08/15 5:30 p.m. · 2 views

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...

CVSS 4.3 · AI score 7 · EPSS 0.00019
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/27 12:0 a.m. · 1 views

PT-2025-23047 · Ibm · Ibm Security Guardium

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 12.0 Description: The issue allows a privileged user to download any file on the system due to improper escaping of input. Recommendations: For IBM Security Guardium version 12.0, consider restricting file access...

CVSS 6.8 · AI score 6.1 · EPSS 0.00185
Exploits: 0 · References: 7
Vulnrichment
added 2025/05/16 8:12 p.m. · 7 views

CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...

CVSS 4.8 · AI score 5.7 · EPSS 0.00573
Exploits: 0 · References: 1
OpenVAS
added 2025/05/15 12:0 a.m. · 6 views

Eclipse Jetty DoS Vulnerability (GHSA-889j-63jv-qhr8) - Windows

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5 · AI score 7.4 · EPSS 0.00576
Exploits: 0 · References: 2
OSV
added 2024/12/18 5:15 p.m. · 2 views

CVE-2024-45082

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displaye...

CVSS 5.2 · AI score 5.6
Exploits: 0 · References: 1
IBM Security Bulletins
added 2024/11/19 2:5 p.m. · 29 views

Security Bulletin: IBM Master Data Management is vulnerable to prototype pollution from vulnerability found in Dojo (CVE-2021-23450)

Summary: IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to prototype pollution from vulnerability found in Dojo. Dojo could allow a remote attacker to cause a denial of service, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an...

CVSS 9.8 · AI score 6.8 · EPSS 0.01995
Exploits: 1 · Affected Software: 1
Patchstack
added 2024/11/08 12:0 a.m. · 8 views

WordPress drop in image slideshow gallery Plugin <= 12.0 is vulnerable to Cross Site Scripting (XSS)

Software: drop in image slideshow gallery · Type: Plugin · Vulnerable versions: = 12.0 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2024-51914 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: a71fbc384972 · Credits: Zlrqh · Required privilege...

CVSS 6.5 · AI score 6.9 · EPSS 0.00197
Exploits: 0 · References: 1 · Affected Software: 1