
20 matches found

CVE
added 2025/11/08 1:16 a.m., 13 views

CVE-2025-64493

In SuiteCRM versions 8.6.0–8.9.0, an authenticated, blind (time-based) SQL injection exists in the appMetadata operation of the GraphQL API, allowing extraction of arbitrary data without admin access. Affected component: GraphQL API, operation appMetadata. Root cause: improper handling/validation...

CVSS 6.5, AI score 6.5, EPSS 0.00041
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/11/08 1:7 a.m., 2 views

EUVD-2025-38346

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVSS 8.8, AI score 7.2, EPSS 0.00038
Exploits 0, References 1
CVE
added 2025/11/08 1:7 a.m., 5 views

CVE-2025-64492

SuiteCRM 8.9.0 and earlier are affected by a time-based blind SQL injection that requires authentication. The vulnerability lets an attacker infer data from the database by measuring response times, enabling enumeration of database, table, and column names and potentially extracting sensitive dat...

CVSS 8.8, AI score 7.3, EPSS 0.00038
Exploits 0, References 1, Affected Software 1
OSV
added 2025/11/08 1:7 a.m., 2 views

CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVSS 8.8, AI score 7.8, EPSS 0.00038
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-49556

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.5, EPSS 0.0016
Exploits 0, References 2
RedhatCVE
added 2025/08/31 11:27 a.m., 2 views

CVE-2025-40704

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVSS 5.4, AI score 6, EPSS 0.00048
Exploits 0, References 1
OSV
added 2025/08/29 12:15 p.m., 1 view

CVE-2025-40704

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVSS 5.4, AI score 5.9
Exploits 0, References 2
NVD
added 2025/08/29 12:15 p.m., 1 view

CVE-2025-40703

Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...

CVSS 5.4, EPSS 0.00048
Exploits 0, References 2
Positive Technologies
added 2025/08/29 12:0 a.m., 2 views

PT-2025-35206

Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0. Description: An issue exists in OpenAtlas that may allow a remote user to send specially crafted queries to an authenticated user and potentially steal their session cookie details. This is due to inadequate validation...

CVSS 5.4, AI score 6.4, EPSS 0.00048
Exploits 0, References 8
Metasploit
added 2024/07/11 7:53 p.m., 310 views

Atlassian Confluence Administrator Code Macro Remote Code Execution

This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...

CVSS 8.8, AI score 9.4, EPSS 0.94054
Exploits 9
Elastic
added 2023/12/05 4:27 p.m., 4 views

Elasticsearch-hadoop 7.17.11 / 8.9.0 Security Update (ESA-2023-28)

Elasticsearch-hadoop Unsafe Deserialization (ESA-2023-28): An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon W...

CVSS 7.8, AI score 7.4, EPSS 0.00064
Exploits 0
Atlassian
added 2023/10/06 5:45 p.m., 51 views

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 7.9, EPSS 0.00317
Exploits 2
NCSC
added 2023/09/25 12:0 a.m., 1 view

Vulnerability fixed in Elastic ElasticSearch

Elastic has fixed a vulnerability in ElasticSearch. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service. Elastic has released updates to fix the vulnerability in ElasticSearch 7.17.13 and 8.9.0. For more information, see: https://discuss.elastic.co/t...

CVSS 7.5, AI score 6.8, EPSS 0.00925
Exploits 0
OSV
added 2023/03/15 7:15 p.m., 1 view

CVE-2022-46774

IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953...

CVSS 6.5, AI score 5.8
Exploits 0, References 2
Tenable Nessus
added 2023/03/14 12:0 a.m., 17 views

Atlassian Jira 8.9.0 < 8.9.1 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.5, 8.6.0 prior to 8.8.2 or 8.9.0 prior to 8.9.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which allows remote attackers to inject arbitrary...

CVSS 6.1, AI score 5.7, EPSS 0.00334
Exploits 0, References 4
NVD
added 2022/11/15 11:15 a.m., 6 views

CVE-2022-3480

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections...

CVSS 7.5, EPSS 0.00751
Exploits 0, References 1
Cvelist
added 2022/11/15 10:58 a.m., 10 views

CVE-2022-3480 Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections...

CVSS 7.5, AI score 7.8, EPSS 0.00751
Exploits 0, References 1
CNNVD
added 2022/11/15 12:0 a.m., 1 view

Phoenix Contact FL MGUARD DM Security Vulnerability

PHOENIX CONTACT FL MGUARD DM is centralized device management software for MGUARD devices from PHOENIX CONTACT, Germany, for any number of devices in the field. A security vulnerability exists in the PHOENIX CONTACT FL MGUARD and TC MGUARD driver version 8.9.0 and prior versions, which originates...

CVSS 7.5, AI score 7.4, EPSS 0.00751
Exploits 0, References 3
OpenVAS
added 2020/11/09 12:0 a.m., 17 views

Tenable Nessus 8.9.0 - 8.12.0 File Copy Vulnerability (TNS-2020-08) - Windows

Tenable Nessus is prone to a file copy vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus";...

CVSS 7.8, AI score 7.7, EPSS 0.00034
Exploits 0, References 1
Tenable Nessus
added 2020/06/17 12:0 a.m., 72 views

Fedora 32 : drupal8 (2020-36d2db5f51)

https://www.drupal.org/project/drupal/releases/8.9.0 - https://www.drupal.org/project/drupal/releases/8.8.7 - https://www.drupal.org/project/drupal/releases/8.8.6 - SA-CORE-2020-002 / CVE-2020-11022 / CVE-2020-11023 - https://www.drupal.org/project/drupal/releases/8.8.5 Note that Tenable Network...

CVSS 6.9, AI score 6.8, EPSS 0.3466
Exploits 11, References 6