19 matches found
PYSEC-2026-55
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...
com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.2) +5 more potentially affected by CVE-2026-34197 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.2)
org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.2 Source cves: CVE-2026-34197 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-16032379...
Linux Distros Unpatched Vulnerability : CVE-2026-3902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an...
PT-2026-4578
The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alex user counter function function. This makes it possible for unauthenticated attackers to update the plugin settings...
EUVD-2025-199597
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie...
EUVD-2025-32912
Malicious code in v0-components npm...
Linux Distros Unpatched Vulnerability : CVE-2021-21441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Atta...
CVE-2024-31261
Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0...
WordPress plugin Bit File Manager 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
CVE-2023-40209
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor.This issue affects Highcompress Image Compressor: from n/a through 6.0.0...
CLTPHP 输入验证错误漏洞
CLTPHP is an open source and efficient site-building PHP content management system. An input validation error vulnerability exists in CLTPHP version 6.0 and earlier versions, which stems from incorrect input validation in application/admin/controller/Template.php. An attacker can exploit this...
SUSE CVE-2019-3031
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2021-39087
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109...
HCL Technologies Connections Information Disclosure Vulnerability
HCL Technologies Connections is a suite of enterprise collaboration platforms from HCL Technologies India. A security vulnerability exists in HCL Technologies Connections version 6.5, 6.0 and 5.5. The vulnerability can be exploited by an attacker to gain access to sensitive information...
CVE-2019-4601
IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system...
CVE-2019-4377
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803...
CVE-2018-1639
The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 through 6.0.6 could allow an authenticated user to obtain sensitive information beyond its assigned privileges. IBM X-Force ID: 144579...
JDK: DoS in the java.math component
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681...
CVE-2016-0317
Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote attackers to conduct clickjacking attacks via unspecified vectors...