PT-2026-40029
Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
CVE-2026-36358
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the Add Banner Ads function...
CVE-2025-36226 Multiple vulnerabilities in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-54148
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-47209 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 has inconsistent permissions between the user interface and backend API that may allow users to access features that appear disabled, potentially leading to misuse...
CVE-2025-44014
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 (2025/07/09) and la...
CVE-2025-44014
CVE-2025-44014 affects QNAP Qsync Central prior to 5.0.0.1. The root cause is an out-of-bounds write that can allow a remote attacker with a user account to modify or corrupt memory. Public docs describe the impact as memory modification/corruption with high severity, and the issue is mitigated b...
SUSE SLES12 Security Update : regionServiceClientConfigEC2 (SUSE-SU-2025:03170-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:03170-1 advisory. This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 - SLE 16 python-requests...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS version 5.0.0 has a security vulnerability; no details of the vulnerability are provided at this time...
Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability
Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...
MITRE Caldera Security Vulnerability
MITRE Caldera is a MITRE open source automated adversarial simulation platform. A security vulnerability exists in MITRE Caldera versions 4.2.0 and earlier and 5.0.0 and earlier, which stems from remote code execution in the Dynamic Proxy Compilation feature and allows an attacker to execute...
IBM DevOps Velocity and IBM UrbanCode Velocity Security Vulnerability
IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines (IBM). IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments. IBM UrbanCode Velocity is an enterprise-class release management and...
SICK InspectorP61x and SICK InspectorP62x Security Vulnerability
The SICK InspectorP61x and SICK InspectorP62x are both ultra-compact industrial 2D vision sensors from SICK, Germany. A security vulnerability exists in the SICK InspectorP61x version prior to 5.0.0 and InspectorP62x version prior to 5.0.0, which stems from an unverified firmware update that allo...
IBM Aspera Cross-Site Scripting Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.6, which stems from the application's lack of effective filtering...
JFinalCMS SQL Injection Vulnerability
JFinalCMS is a content management system. JFinalCMS version 5.0.0 suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the file /admin/divdata/delete. An attacker can exploit this vulnerability to execute illegal SQL comman...
JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-02993)
JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...
PT-2024-10238 · Ibm · Ibm Devops Velocity +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...
GHSA-XV7P-JW46-8R85 Cross-site Scripting in JFinalcms
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office...
GHSA-R7W2-J96V-VW8M Cross-Site Request Forgery in JFinalCMS via /admin/slide/update
JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update...