15 matches found
EUVD-2026-24143
This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of...
PT-2026-34128
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.0 through 8.0.45 MySQL Server versions 8.4.0 through 8.4.8 MySQL Server versions 9.0.0 through 9.6.0 Description An issue in the InnoDB component of MySQL Server allows a high privileged attacker with network access v...
EUVD-2026-12590
This High severity RCE Remote Code Execution vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute...
BIT-PARSE-2026-32269 Parse Server OAuth2 adapter app ID validation sends wrong token to introspection endpoint
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.39, the OAuth2 authentication adapter does not correctly validate app IDs when appidField and appIds are configured. During app ID validation, a malformed value is sent t...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer
Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2025. Vulnerability Details CVEID:CVE-2025-53057...
Digital-Infrastructure 路径遍历漏洞
Digital-Infrastructure is an open source management support platform from Risesoft. A path traversal vulnerability exists in Digital-Infrastructure 9.6.7 and earlier versions, which stems from improper handling of the parameter fullPath in the file Y9FileController.java, which could lead to path...
PT-2024-21286 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: Salon booking system WordPress plugin versions 9.6.5 and earlier Description: The issue allows high privilege users, such as admin or editor depending on the plugin configuration, to perform Stored Cross-Site Scripting attacks. This is possib...
PT-2024-20338 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system WordPress plugin versions 9.6.5 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-22449
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access...
PT-2022-5287 · Ibm · Ibm Host Access Transformation Services
Name of the Vulnerable Software and Affected Versions: IBM Host Access Transformation Services HATS versions 9.6 through 9.6.1.4 IBM Host Access Transformation Services HATS versions 9.7 through 9.7.0.3 Description: The issue is related to the storage of user credentials in plain clear text, whic...
GHSA-6278-2Q4M-CMF3 ZK Framework vulnerable to malicious POST
ZK Framework version 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader...
CVE-2021-41765
A SQL injection issue in pages/editfields/9ajax/addkeyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
CVE-2019-7590
ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to...
IBM Rational DOORS Web Access Cross-Site Scripting Vulnerability (CNVD-2018-02501)
IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
PT-2018-5784 · Ibm · Ibm Doors Web Access
Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this to hijack th...