54 matches found
Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance
Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...
Apache Traffic Server 安全漏洞
Apache Traffic Server ATS is a scalable HTTP proxy and caching server developed by the Apache Foundation in the United States. Versions of Apache Traffic Server 10.1.1 and earlier, as well as 9.2.12 and earlier versions, have security vulnerabilities. These vulnerabilities stem from defects in PO...
Zimbra Collaboration Suite(ZCS) 安全漏洞
Zimbra Collaboration Suite ZCS is an open-source collaboration suite developed by Zimbra Corporation. This product includes features such as WebMail, calendars, and contact management. Both the Zimbra Collaboration Suite 10.0 and 10.1 versions contained security vulnerabilities. These...
CVE-2026-32865 OPEXUS eComplaint and eCase insecure password reset
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...
CVE-2026-0977
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...
EUVD-2025-36565
DNN vulnerable to stored cross-site-scripting XSS via SVG upload...
CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...
Zimbra Collaboration 10.1.x < 10.1.5 Stored Cross-Site Scripting
According to its banner, the version of Zimbra Collaboration running on the remote host is 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.5. It is, therefore, affected by a Stored Cross-Site Scripting XSS vulnerability due to insufficient sanitization of HTML content in ICS files. Note that the...
OpenSSH 安全漏洞
OpenSSH OpenBSD Secure Shell is a Canadian OpenBSD open source set of connection tools for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, and...
Dotnetnuke < 10.1.0 Stored XSS Using Backend Admin Credentials (CVE-2025-59546)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.1.0. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1....
CVE-2025-59539
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if that field is not rich-text, users could inject javascript code that would run in the context of the websit...
CVE-2025-59546 DNN Vulnerable to Stored XSS Using Backend Admin Credentials
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module titles that could include javascript which could be used for XSS based attacks. This issue has been patched ...
PT-2025-39200
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Versions prior to 10.1.0 have a javascript injection issue related to specially crafted URLs to the...
CVE-2025-49430
CVE-2025-49430 concerns the FWDesign Ultimate Video Player plugin for WordPress (versions through 10.1). A Server-Side Request Forgery (SSRF) vulnerability exists in the plugin, enabling an attacker to induce the server to make arbitrary requests. The issue is documented across multiple sources (...
CVE-2025-49432 WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability
Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Video Player: from n/a through = 10.1...
WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Anhchangmutrang in WordPress Plugin Ultimate Video Player versions = 10.1...
CVE-2024-11442
The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes...