CVE-2025-9661

Summary: CVE-2025-9661: OS command injection in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28. Affected products/versions: Hitachi VSP One Block 23, 24, 26 and 28 (before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00). Vulnerability: OS command in...

BIT-JAVA-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

CVE-2026-26985 LORIS vulnerable to path traversal in electrophysiology_browser

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can re...

CVE-2024-9432

CVE-2024-9432 pertains to OpenText Vertica where a vulnerability in the Vertica agent can allow reading a plaintext API key. Affected versions are Vertica 23.X, 24.X, and 25.X. The CVSS metrics indicate local attack vector with high exploit complexity and high privileges required, potentially imp...

Security Bulletin: Weaker than expected SQL injection protection may affect IBM Business Automation Workflow traditional - CVE-2025-5878

Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable library of ESAPI. Vulnerability Details CVEID:CVE-2025-5878 DESCRIPTION: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of t...

CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

openjdk: Improve compiler transformations (Oracle CPU 2025-04)

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

openjdk: Improve compiler transformations (Oracle CPU 2025-04)

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

Adobe Photoshop 24.x < 24.7.4 / 25.x < 25.11 Vulnerability (APSB24-49)

The version of Adobe Photoshop installed on the remote Windows host is prior to 24.7.4/25.11. It is, therefore, affected by a vulnerability as referenced in the apsb24-49 advisory. - Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could...

PT-2023-2377 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions 24.0.4 through 24.0.6 Nextcloud versions 25.0.0 Description: The issue is related to improper access control in Nextcloud, a private cloud software. This can allow a remote attacker to gain unauthorized access to limited...