20 matches found
IBM Aspera Shares Encryption Problem Vulnerability (CNVD-2026-16873)
IBM Aspera Shares is a Web application from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...
CVE-2025-66484
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-66483
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...
EUVD-2025-209178
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...
EUVD-2025-209184
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-66487
IBM Aspera Shares (1.9.9–1.11.0) is affected by CVE-2025-66487 due to insufficient rate limiting on authenticated users sending emails, which could enable email flooding or a denial of service. The IBM bulletin lists this CVE among multiple fixes addressed in version 1.11.1. The remediation is to...
CVE-2025-66485
CVE-2025-66485 is an HTTP header injection vulnerability in IBM Aspera Shares (versions 1.9.9–1.11.0). The root cause is improper validation of Host header input, enabling attackers to craft requests that may lead to cross-site scripting, cache poisoning, or session hijacking. IBM has addressed t...
CVE-2025-66484 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
EUVD-2025-209172
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-13916
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2025-13916 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
IBM Aspera Shares Encryption Problem Vulnerability
IBM Aspera Shares is a Web application from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...
WordPress Responsive Blocks plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Responsive Blocks versions <= 1.9.9...
WordPress plugin Responsive Blocks – WordPress Gutenberg Blocks Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin Responsive Blocks...
WordPress Stray Random Quotes Plugin <= 1.9.9 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Stray Random Quotes versions <= 1.9.9...
PT-2024-36681 · Wplms · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions 1.9.9 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can be exploited by uploading malicious files,...
PT-2024-36678 · Vibethemes · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions 1.9.9 and earlier Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This vulnerability affects the VibeThemes WPLMS plugin. Recommendations: For versions...
WordPress plugin The Uix Shortcodes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin The Uix...
PT-2024-23139 · WordPress · Compact Wp Audio Player
Name of the Vulnerable Software and Affected Versions: Compact WP Audio Player versions 1.9.9 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
UBUNTU-CVE-2021-38698
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...