Lucene search
14 matches found

Cvelist
added 2025/11/08 1:16 a.m. · 8 views

CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

6.5 CVSS · 0.00041 EPSS
Exploits 0 · References 2

Patchstack
added 2025/10/18 1:15 a.m. · 5 views

WordPress WPBakery Page Builder plugin <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin WPBakery Page Builder versions <= 8.6...

6.4 CVSS · 5.4 AI score · 0.00024 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/12/25 12:0 a.m. · 2 views

PT-2023-31171 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.6 through 9.2.2 Description: The issue allows Stored XSS on the Admin Dashboard via the "/dashboard/system/basics/name" API endpoint. The name variable is vulnerable to this type of attack. There is no information...

4.8 CVSS · 5.7 AI score · 0.00457 EPSS
Exploits 0 · References 10

Positive Technologies
added 2023/10/10 12:0 a.m. · 2 views

PT-2023-29306 · Unknown · Zentao Community Edition +2

Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.6 and earlier ZenTao Biz versions 8.6 and earlier ZenTao Max versions 4.7 and earlier Description: The issue allows an attacker to execute arbitrary code via a crafted script to the Office Conversion...

8.8 CVSS · 8.8 AI score · 0.00254 EPSS
Exploits 1 · References 5

Vulnrichment
added 2023/05/03 12:0 a.m. · 4 views

CVE-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

5.7 CVSS · 5.3 AI score · 0.09198 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2021/10/12 4:15 p.m. · 1 views

CVE-2021-37735

A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant IAP that address this security...

5.3 CVSS · 5.4 AI score · 0.00349 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2021/10/12 4:15 p.m. · 1 views

CVE-2021-37732

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...

9 CVSS · 5.9 AI score · 0.03402 EPSS
Exploits 0 · References 3

OSV
added 2021/03/30 12:15 a.m. · 2 views

CVE-2021-25145

A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.1...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2021/03/29 8:15 p.m. · 0 views

CVE-2021-25143

A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that addre...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

CNNVD
added 2021/03/29 12:0 a.m. · 2 views

Aruba Access Points Security Vulnerability

Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which an attacker can exploit remotely to cause a buffer overflow. The following products and versions are affected: Aruba Instant 6.4.x:...

10 CVSS · 8.4 AI score · 0.02479 EPSS
Exploits 0 · References 5

Positive Technologies
added 2019/02/21 12:0 a.m. · 5 views

PT-2019-18086 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions 8.5.x before 8.5.11 Drupal versions 8.6.x before 8.6.10 Description: Some field types do not properly sanitize data from non-form sources in Drupal. This can lead to arbitrary PHP code execution in some cases. A site is only...

8.1 CVSS · 9.8 AI score · 0.9441 EPSS
Exploits 22 · References 28

OSV
added 2016/09/01 1:59 a.m. · 2 views

CVE-2016-0370

Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product...

2.7 CVSS · 5.9 AI score · 0.0016 EPSS
Exploits 0 · References 4

OSV
added 2016/06/28 1:59 a.m. · 0 views

CVE-2016-0233

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

8.8 CVSS · 7.6 AI score
Exploits 0 · References 1

ATTACKERKB
added 2016/06/28 1:59 a.m. · 1 views

CVE-2016-0224

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

9.8 CVSS · 9.3 AI score · 0.00521 EPSS
Exploits 0 · References 2