54 matches found

IBM Security Bulletins
added 2026/04/15 10:29 a.m., 8 views

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary: The OpenSSH package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985. Vulnerability Details: CVEID: CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

CVSS 3.6 | AI score 6.7 | EPSS 0.00221
Exploits: 2 | Affected Software: 1

CNNVD
added 2026/04/02 12:0 a.m., 9 views

Apache Traffic Server Security Vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...

CVSS 7.5 | AI score 7.4 | EPSS 0.00673
Exploits: 0 | References: 1

CNNVD
added 2026/03/20 12:0 a.m., 5 views

Zimbra Collaboration Suite (ZCS) Security Vulnerability

Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite developed by Zimbra Corporation. This product includes features such as WebMail, calendars, and contact management. Both the Zimbra Collaboration Suite 10.0 and 10.1 versions contained security vulnerabilities. These...

CVSS 6.1 | AI score 5.7 | EPSS 0.00223
Exploits: 0 | References: 4

Vulnrichment
added 2026/03/19 3:47 p.m., 4 views

CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

CVSS 9.8 | AI score 5.9 | EPSS 0.00307
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/13 8:11 p.m., 2 views

CVE-2026-0977

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

CVSS 5.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2 | Affected Software: 1

SUSE Linux
added 2026/03/13 8:57 a.m., 5 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...

CVSS 8.7 | AI score 5.7 | EPSS 0.00498
Exploits: 0 | References: 12

RedHat Linux
added 2026/02/03 7:4 a.m., 5 views

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

CVSS 3.6 | AI score 6.7 | EPSS 0.00114
Exploits: 0 | References: 7

RedHat Linux
added 2025/12/17 4:48 p.m., 2 views

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

CVSS 3.6 | AI score 6.7 | EPSS 0.00114
Exploits: 0 | References: 7

EUVD
added 2025/10/29 9:47 p.m., 13 views

EUVD-2025-36565

DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload...

CVSS 6.4 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2

Cvelist
added 2025/10/28 9:42 p.m., 7 views

CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...

CVSS 4.3 | EPSS 0.00214
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/21 12:0 a.m., 3 views

Zimbra Collaboration 10.1.x < 10.1.5 Stored Cross-Site Scripting

According to its banner, the version of Zimbra Collaboration running on the remote host is 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.5. It is, therefore, affected by a Stored Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization of HTML content in ICS files. Note that the...

CVSS 5.4 | AI score 5.5 | EPSS 0.04241
Exploits: 1 | References: 2

CNNVD
added 2025/10/06 12:0 a.m., 1 view

OpenSSH Security Vulnerability

OpenSSH (OpenBSD Secure Shell) is a Canadian OpenBSD open source set of connection tools for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, and...

CVSS 3.6 | AI score 9.4 | EPSS 0.00221
Exploits: 2 | References: 5

Tenable Nessus
added 2025/09/24 12:0 a.m., 5 views

Dotnetnuke < 10.1.0 Stored XSS Using Backend Admin Credentials (CVE-2025-59546)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1....

CVSS 4.8 | AI score 5.4 | EPSS 0.00171
Exploits: 0 | References: 2

NVD
added 2025/09/23 6:15 p.m., 3 views

CVE-2025-59539

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...

CVSS 6.3 | EPSS 0.00166
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/23 5:41 p.m., 2 views

CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...

CVSS 2.4 | AI score 5.8 | EPSS 0.00171
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/23 12:0 a.m., 3 views

PT-2025-39200

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 10.1.0. Description: DNN (formerly DotNetNuke) is an open-source web content management platform. Versions prior to 10.1.0 have a javascript injection issue related to specially crafted URLs to the...

CVSS 6.1 | AI score 7 | EPSS 0.00175
Exploits: 0 | References: 6

CVE
added 2025/09/09 4:26 p.m., 10 views

CVE-2025-49430

CVE-2025-49430 concerns the FWDesign Ultimate Video Player plugin for WordPress (versions through 10.1). A Server-Side Request Forgery (SSRF) vulnerability exists in the plugin, enabling an attacker to induce the server to make arbitrary requests. The issue is documented across multiple sources (...

CVSS 7.2 | AI score 5.9 | EPSS 0.0023
Exploits: 0 | References: 1

Cvelist
added 2025/08/15 3:13 p.m., 13 views

CVE-2025-49432 WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player (fwduvp) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1...

CVSS 5.3 | EPSS 0.00275
Exploits: 0 | References: 1

Patchstack
added 2025/07/10 1:12 a.m., 5 views

WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery (SSRF) Vulnerability discovered by Anhchangmutrang in WordPress Plugin Ultimate Video Player (versions <= 10.1)...

CVSS 7.2 | AI score 7 | EPSS 0.0023
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/05/23 7:50 a.m., 4 views

CVE-2024-11442

The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...

CVSS 6.4 | AI score 5 | EPSS 0.00429
Exploits: 0 | References: 1