62 matches found
CVE-2026-35274
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...
Auth.js SDK has Improper Permission Checking
Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
CVE-2026-34267
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...
UBUNTU-CVE-2025-69693
Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...
CVE-2025-68903
Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through = 8.0...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459.
Summary IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.
Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...
CVE-2025-13792 Qualitor getResumo.php eval code injection
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack...
Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24771
This High severity vulnerability known as CVE-2022-24771 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
PT-2025-45138
Name of the Vulnerable Software and Affected Versions Dell CloudLink versions prior to 8.1.1 Description Dell CloudLink, versions prior to 8.1.1, contains a Command Injection issue that an authenticated attacker can exploit to execute arbitrary commands on the system. Recommendations Update Dell...
mysql: InnoDB unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
Linux Distros Unpatched Vulnerability : CVE-2025-30687
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +13 more potentially affected by CVE-2024-52979 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.15.5)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.15.5 Source cves: CVE-2024-52979 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-9919796...
mysql: MySQL Server: Unauthorized Data Modification and Read Access Vulnerability
A flaw was found in MySQL Server. This vulnerability allows a low privileged attacker with network access via multiple protocols to achieve unauthorized data modification and read access to a subset of MySQL Server's accessible data...