16 matches found
CVE-2026-8197
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...
CVE-2026-29057 Next.js: HTTP request smuggling in rewrites
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
CVE-2026-21949
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2026-21952
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
oa_git_free 代码问题漏洞
bestfeng oagitfree line cloud process engine is an enterprise automation process platform from China Cloud OA bestfeng company. A code issue vulnerability exists in oagitfree 9.5 and earlier versions, which originates from the parameter in the file...
PT-2025-44196
Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...
CVE-2024-57052
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.5.x through 9.5.7 and 9.10.x through 9.10.0, which stems from a failure to properly implement privilege controls, resulting in the ability to...
PT-2024-25156 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions up to 9.5 Description: A path traversal vulnerability exists in the 'cyber security/codeguard' native personality, arising from the improper limitation of a pathname to a restricted directory in the 'process...
PT-2021-7474 · Unknown · Resourcespace
Name of the Vulnerable Software and Affected Versions: ResourceSpace versions 9.5 through 9.6 rev 18274 Description: A SQL injection issue in the pages/edit fields/9 ajax/add keyword.php file of ResourceSpace allows remote unauthenticated attackers to execute arbitrary SQL commands via the k...
CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...
Netapp Clustered Data ONTAP 安全漏洞
NetApp Clustered Data ONTAP is NetApp's proprietary operating system for storage disk arrays. An information disclosure vulnerability exists in NetApp Clustered Data ONTAP versions prior to 9.3P20, 9.5P15. An attacker could exploit this vulnerability to discover other storage virtual machines SVM...
HCL Technologies Digital Experience Code Issue Vulnerability
HCL Technologies Digital Experience is a suite of digital experience platforms, content delivery solutions from HCL Technologies India. A code issue vulnerability exists in HCL Technologies Digital Experience versions 8.5, 9.0, and 9.5, which arises from an improperly designed or implemented code...
IBM Security Guardium Database Activity Monitor Authorization Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. An authorization vulnerability exists in IBM Security Guardium Databas...
IBM Rational DOORS Web Access Cross-Site Scripting Vulnerability (CNVD-2018-02502)
IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
CVE-2017-1447
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172...