20 matches found
CVE-2025-12690 Local Privilege Escalation in NGFW Engine
Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10...
CVE-2025-62952
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through = 7.7.3...
EUVD-2023-51779
Malicious code in bioql PyPI...
PT-2025-47543
SonicWall SonicOS and Affected Versions: SonicWall versions prior to 7.3.1-7013; SonicWall versions prior to 8.0.3-8011; SonicWall versions 7.3.0-7012 and older; SonicWall versions 8.0.2-8011 and older. Description: A stack-based buffer overflow vulnerability exists in the SonicOS SSLVPN service. This...
WordPress plugin FloristPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download vulnerability
WordPress Mercado Pago payments for WooCommerce plugin 7.3.0 - 7.6.1 - Authenticated Subscriber+ Arbitrary File Download vulnerability discovered by Krzysztof Zając in WordPress Plugin Mercado Pago payments for WooCommerce versions 7.3.0 - 7.6.1...
PT-2024-2835 · Atlassian · Confluence
Name of the Vulnerable Software and Affected Versions: Confluence Data Center versions 7.3.0 through 8.5.7 Description: The issue exists due to the failure to neutralize special elements used in operating system commands. Exploitation of this issue may allow a remote attacker to impact the...
PT-2023-19627 · Micro Focus · Arcsight Logger
Name of the Vulnerable Software and Affected Versions: ArcSight Logger versions prior to 7.3.0 Description: The issue is related to a Potential XML External Entity Injection. Recommendations: For versions prior to 7.3.0, update to version 7.3.0 or later to resolve the issue...
Liferay Portal and Liferay DXP cross-site scripting vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2023-1863 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions 7.3.0 through 7.3.1 Description: The issue is related to improper access control in the administrative interface, allowing an attacker to perform unauthorized actions via crafted HTTP requests. This can enable a...
CVE-2022-41567
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s...
Cross site scripting
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s...
CVE-2021-20399
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073...
Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2021-20401, CVE-2020-4932)
Summary: IBM QRadar SIEM contains hard-coded credentials. Vulnerability Details: CVEID: CVE-2020-4932. DESCRIPTION: IBM QRadar contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or...
IBM QRadar SIEM code issue vulnerability
IBM QRadar is an enterprise security information and event management (SIEM) product that detects anomalies, finds advanced threats, and eliminates false positives. A code execution vulnerability exists in IBM QRadar 7.4.0 - 7.4.2 Patch 1, 7.3.0 - 7.3.3 Patch 7. The vulnerability stems from unsafe...
CVE-2020-4269
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175845...
Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2020-4270)
Summary: IBM QRadar SIEM is vulnerable to privilege escalation due to weak file permissions. Vulnerability Details: CVEID: CVE-2020-4270. DESCRIPTION: IBM QRadar could allow a local user to gain escalated privileges due to weak file permissions. CVSS Base score: 8.4. CVSS Temporal Score: See:...
CVE-2019-4470
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779...
IBM QRadar SIEM Remote Code Execution Vulnerability
IBM Security QRadar SIEM is an IBM USA solution that consolidates log-sourced event data from thousands of devices and applications dispersed throughout the network. The solution stores each event in its raw form and then performs instant correlation of events to differentiate between actual...
CVE-2016-8214
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers...