25 matches found
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540.
Summary IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3...
CVE-2026-35236
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-66595
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery CSRF. When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows:...
CVE-2025-66594
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
PT-2026-7051
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...
CVE-2026-21949
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2026-21952
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2025-52457
Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...
IBM OpenPages 安全漏洞
IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance GRC solution from International Business Machines IBM. A security vulnerability exists in IBM OpenPages versions 9.1 and 9.0 that stems from susceptibility to an HTML injection attack that could lead to malicious code...
CVE-2025-55118
CVE-2025-55118 concerns BMC Control-M/Agent. The issue is a memory corruption vulnerability that can be remotely triggered when SSL/TLS is configured, with specific non-default conditions: Control-M/Agent 9.0.20 using non-default SSL/TLS setting use_openssl=n; and 9.0.21/9.0.22 with non-default s...
CVE-2024-35116
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335...
PT-2024-23670 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...
Gallagher Command Centre Cross-Site Scripting Vulnerability
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre due to improper neutralization of special elements. The following products and versions are affected: Gallagher Comma...
FRRouting FRR Security Vulnerabilities
FRRouting FRR is a suite of software that implements and manages various IPV4 and IPV6 routing protocols. A security vulnerability exists in FRRouting FRR version 9.0.1 and earlier versions. An attacker could exploit this vulnerability to cause a system crash...
PT-2023-9208 · Unknown +10 · Frrouting Frr +10
Name of the Vulnerable Software and Affected Versions: FRRouting FRR versions through 9.0.1 Description: An issue was discovered in FRRouting where a crash can occur when a malformed BGP UPDATE message with an EOR is processed. This happens because the presence of EOR does not lead to a...
CVE-2023-22083
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications component: Web UI. Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise...
CVE-2022-21829
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concretesecure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http...
Dell EMC Isilon OneFS 和 EMC PowerScale 权限许可和访问控制问题漏洞
DELL Dell EMC Isilon OneFS and EMC PowerScale are both a set of horizontally scalable storage systems for unstructured data from Dell USA. A privilege permission and access control issue vulnerability exists in Dell EMC Isilon OneFS and PowerScale OneFS, which stems from Dell EMC Isilon OneFS...
HCL Technologies Domino 输入验证错误漏洞
HCL Domino is a server for collaborative client-server software platforms. A denial of service vulnerability exists in HCL Domino versions 9.0.1 FP10 IF6, prior to 10.0.1. The vulnerability stems from improper validation of user-supplied input. An attacker could exploit the vulnerability to cause...