21 matches found
CVE-2026-2812
Summary: CVE-2026-2812 affects ArcGIS Server (12.0 and earlier) due to an improper authentication flaw in an undocumented administrative endpoint. An unauthenticated attacker can trigger a crafted request to that endpoint, potentially disrupting the web-based browsing interface. The available doc...
Exploit for Improper Handling of Exceptional Conditions in Newtonsoft Json.Net
Browser + CLI Demo NuGet/C — .NET 7 Edition Why a .NET...
IBM Guardium Data Protection Code Issue Vulnerability
IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines (IBM). There are code-related vulnerabilities in versions 12.0, 12.1, and 12.2 of IBM Guardium Data Protection. These vulnerabilities stem from security...
CVE-2026-1274 IBM Guardium Data Protection is affected by multiple vulnerabilities
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel...
CVE-2018-25246
Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash...
CVE-2026-3344
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
Security Bulletin: IBM webMethods Integration Server is vulnerable to HTML injection
Summary: IBM webMethods Integration Server is vulnerable to HTML injection in Security Claims UI. CVE-2025-14289. Vulnerability Details: CVEID: CVE-2025-14289 DESCRIPTION: IBM webMethods Integration is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed...
CVE-2025-1910
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed. This issue affects the Mobile VPN with SSL Client 12.0 up to and includi...
CVE-2023-5435
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
GHSA-889J-63JV-QHR8 Eclipse Jetty HTTP/2 client can force the server to allocate a humongous byte buffer that may lead to OoM and subsequently the JVM to exit
Original Report: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specifi...
IBM InfoSphere Master Data Management Cross-Site Scripting Vulnerability
IBM InfoSphere Master Data Management is a product information management software from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM InfoSphere Master Data Management versions 11.6, 12.0, and 14.0 that originates from stored cross-site scripting and coul...
Intrexx Portal Server Security Vulnerability
Intrexx Portal Server is a cross-platform development environment from Intrexx Corporation. A security vulnerability exists in Intrexx Portal Server versions prior to 12.0.2. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
RuvarOA Security Vulnerability
RuvarOA is an office automation system of China Ruvar Company. A security vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by a SQL injection vulnerability in the btid parameter of the /include/getdict.aspx file...
WordPress Plugin WP fade in text news SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WP fade in text news A SQL...
Huawei EMUI Security Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by Chinese company Huawei. A security vulnerability exists in Huawei EMUI version 12.0.0, which stems from a configuration flaw in the Secure Operating System module, and successful exploitation of this vulnerability will impact...
CVE-2022-30285
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials...
Quest KACE Systems Management Appliance Security Features Issue Vulnerability
The Quest KACE Systems Management Appliance (Quest KACE SMA) is an automated and simplified IT systems management platform from Quest Corporation. A security vulnerability exists in the Quest KACE Systems Management Appliance (SMA) version 12.0 and prior versions, which stems from a predictable token...
PT-2020-20607 · Isomorphic · Smartclient
Name of the Vulnerable Software and Affected Versions: SmartClient version 12.0. Description: An issue was discovered in the Remote Procedure Call (RPC) loadFile provided by the console functionality. The issue affects the /tools/developerConsoleOperations.jsp or /isomorphic/IDACall URL, where...
CVE-2017-6138
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of...
Mobotap Dolphin Browser for Android URI Scheme Resolution Vulnerability
Mobotap Dolphin Browser for Android is a web browser for the Android platform from MoboTap. A security vulnerability exists in version 12.0.2 of Dolphin Browser for Android. The vulnerability can be exploited to call private activities in Dolphin Browser via malicious URIs...