
77 matches found

IBM Security Bulletins
added 2026/05/29 9:4 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security (CVE-2025-14917)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security CVE-2025-14917. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

CVSS 9.8, AI score 5.8, EPSS 0.00355
Exploits: 0, Affected Software: 1
EUVD
added 2026/05/20 6:31 p.m., 10 views

EUVD-2026-31129

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

CVSS 6.5, AI score 5.9, EPSS 0.00309
Exploits: 0, References: 3
EUVD
added 2026/05/20 6:31 p.m., 11 views

EUVD-2026-31130

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager VIOM allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on the VIOM web application without the user's knowledge...

CVSS 8.8, AI score 5.8, EPSS 0.00198
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/20 12:0 a.m., 10 views

CVE-2026-44923

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges...

CVSS 6.5, AI score 5.9, EPSS 0.00309
Exploits: 0, References: 3
Cvelist
added 2026/05/12 7:48 a.m., 50 views

CVE-2026-5340 Fancy Image Show <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fancy-img-show shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

CVSS 6.4, EPSS 0.00243
Exploits: 0, References: 4
ATTACKERKB
added 2026/05/11 3:44 p.m., 6 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

CVSS 8.7, AI score 5.8, EPSS 0.00622
Exploits: 0, References: 3, Affected Software: 1
VulnCheck KEV
added 2026/05/04 12:0 a.m., 7 views

VulnCheck KEV: CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

CVSS 8.8, AI score 7.4, EPSS 0.00382
In wild, Exploits: 0, References: 2
CNNVD
added 2026/04/05 12:0 a.m., 12 views

qdPM SQL injection vulnerability

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...

CVSS 8.8, AI score 5.9, EPSS 0.00311
Exploits: 1, References: 4
Vulnrichment
added 2026/03/31 9:0 p.m., 2 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVSS 6.9, AI score 5.8, EPSS 0.00505
Exploits: 0, References: 6
IBM Security Bulletins
added 2026/03/30 11:40 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049.

Summary IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

CVSS 7.1, AI score 7.2, EPSS 0.00311
Exploits: 2, Affected Software: 1
CVE
added 2026/03/26 3:37 a.m., 16 views

CVE-2026-2931

The CVE-2026-2931 entry concerns the Amelia Booking plugin for WordPress (versions up to and including 9.1.2). The vulnerability is an Insecure Direct Object Reference that allows user-controlled access to objects, enabling authenticated users with customer-level permissions or higher to change...

CVSS 8.8, AI score 5.8, EPSS 0.00382
In wild, Exploits: 0, References: 4
EUVD
added 2026/03/16 3:30 p.m., 9 views

EUVD-2026-12182

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8, EPSS 0.00212
Exploits: 0, References: 3
IBM Security Bulletins
added 2026/02/19 3:33 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions Affect...

CVSS 8.2, AI score 5.5, EPSS 0.00296
Exploits: 0, Affected Software: 1
ATTACKERKB
added 2026/01/20 1:22 a.m., 5 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 5.4, EPSS 0.00104
Exploits: 0, References: 3
Positive Technologies
added 2026/01/19 12:0 a.m., 4 views

PT-2026-3448

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.1.0 Description A security issue exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters. For example, using /%61dmin instead of /admin...

CVSS 8.8, AI score 5.3, EPSS 0.00457
Exploits: 1, References: 14
RedhatCVE
added 2026/01/10 5:41 a.m., 12 views

CVE-2025-67279

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format...

CVSS 5.3, AI score 7.5, EPSS 0.00311
Exploits: 0, References: 1
Cvelist
added 2026/01/07 5:25 a.m., 21 views

CVE-2025-14835 WP Photo Album Plus <= 9.1.05.008 - Reflected Cross-Site Scripting

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.1, EPSS 0.0023
Exploits: 0, References: 6
CVE
added 2025/12/16 9:59 p.m., 21 views

CVE-2025-64520

GLPI CVE-2025-64520 affects versions 9.1.0 up to (but not including) 10.0.21, where an unauthorized API user can read all knowledge base entries. Root cause: insufficient API authorization. Impact: confidentiality high; integrity/availability not affected per disclosure. Remediation: upgrade to 1...

CVSS 6.5, AI score 6.3, EPSS 0.00186
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2025/12/16 12:56 a.m., 9 views

CVE-2025-68115

Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...

CVSS 6.1, AI score 5.3, EPSS 0.00183
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2025/12/16 12:56 a.m., 1 view

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

CVSS 5.3, AI score 5.3, EPSS 0.00183
Exploits: 0, References: 3