14 matches found
CVE-2026-8980
The CVE-2026-8980 entry concerns the Mennekes Amtron series with firmware versions ≤ 5.22.3. Affected component: firmware handling privilege levels. The vulnerability allows an authenticated low-privileged user to escalate privileges by issuing crafted POST requests to change passwords for admin ...
GHSA-6HPG-8RX3-CWGV baserCMS has OS command injection vulnerability in installer
baserCMS has an OS command injection vulnerability in the installer. Target: baserCMS 5.2.2 and earlier versions. Vulnerability: If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures: Update to the latest version of baserCMS. Please refer to the...
EUVD-2026-12914
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size...
CVE-2026-1843 Super Page Cache <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log
The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
Security Bulletin: Vulnerabilities in uptrace pgdriver affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary: Potential vulnerability in uptrace pgdriver has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-44906 DESCRIPTION:...
CVE-2025-68071
CVE-2025-68071 describes an Insecure Direct Object Reference (IDOR) in the WordPress plugin “Essential Real Estate” (vendor: g5theme, affected: Essential Real Estate
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a RecursionError DOS in protobuf [CVE-2025-4565]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a RecursionError DOS in protobuf, due to an issue with the Protobuf Pure-Python backend (CVE-2025-4565). Protobuf is used in our speech service runtimes. This vulnerability has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Node DOS vulnerability in Kubernetes [CVE-2025-0426]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Node DOS vulnerability in Kubernetes, due to a flaw in the kubelet read-only HTTP endpoint (CVE-2025-0426). Kubernetes is used in our speech-utilities. This vulnerability has been addressed. Please read the details for remediation...
CVE-2025-64112 Statamic vulnerable to Stored Cross-Site Scripting
Statamic is a Laravel and Git powered content management system (CMS). Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...
UBUNTU-CVE-2025-54119
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database a...
UBUNTU-CVE-2025-46337
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User...
SUSE CVE-2012-5092
Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management...
Horde Groupware Webmail Cross-Site Scripting Vulnerability (CNVD-2020-33657)
Horde Groupware Webmail is a browser-based, enterprise-class communications suite from Horde, Inc. A cross-site scripting vulnerability exists in the image viewing feature in Horde Groupware Webmail Edition prior to 5.2.22, which can be exploited to gain access to a user's Webmail account via a...