89 matches found
PT-2026-38686
Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
EUVD-2025-209025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
EUVD-2026-15536
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...
CVE-2026-22523 WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themepassion Ultra WordPress Admin ultra-admin allows Reflected XSS.This issue affects Ultra WordPress Admin: from n/a through = 11.7...
IBM InfoSphere Information Server Information Disclosure Vulnerability (7009205)
The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior or equal to 11.7.1.4. It is, therefore, potentially affected by an information disclosure vulnerability: - IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive...
WordPress Ultra WordPress Admin plugin <= 11.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultra WordPress Admin versions = 11.7...
CVE-2025-57783
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...
CVE-2025-57784
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2025-57783
Improper header parsing may lead to request smuggling has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver...
CVE-2025-57785
CVE-2025-57785 — Double Free in XSLT show_index (Hiawatha Webserver) Affected software: Hiawatha webserver versions 10.8.2 through 11.7 (as cited by Red Hat and CVE trackers). Technical detail: The vulnerability is a double free in the XSLT function show_index, a memory management error that may ...
CVE-2025-57785 Double free in XSLT in 'show_index'
A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by a double release in the XSLT...
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by improper header parsing. Thi...
Hiawatha security vulnerabilities
Hiawatha is a security web server developed by Hugo Leisink for Unix systems. This product can prevent attacks such as XSS, SQL injection, and CSRF, and it also offers server monitoring capabilities. Version 11.7 of Hiawatha contains a security vulnerability caused by the use of strcmp, which may...
PT-2026-4797
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
EUVD-2025-201833
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-60936
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...
EUVD-2025-31657
Malicious code in bioql PyPI...
Delinea Secret Server 安全漏洞
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7 and earlier, which stems from insufficient validation of SQL report creation and could lead to administrator access to restricted tables...
IBM InfoSphere Information Server SQL注入漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An SQL injection vulnerability exists in IBM InfoSphere Information Server version 11.7 that ste...