21 matches found
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...
CVE-2026-42509
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540.
Summary IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
Kibana 8.19.12, 9.2.6, 9.3.1 Security Update (ESA-2026-19)
Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration Missing Authorization CWE-862 in Kibana’s server-side Detection Rule Management can lead to Unauthorized Endpoint Response Action Configuration host isolation, process termination, and process suspensio...
CVE-2026-29057 Next.js: HTTP request smuggling in rewrites
Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary...
Microsoft .NET 安全漏洞
Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There are security vulnerabilities in Microsoft .NET. Attackers can exploit the...
CVE-2025-66595
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery CSRF. When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows:...
Slackware Linux 15.0 / current bind Vulnerability (SSA:2026-021-01)
The version of bind installed on the remote host is prior to 9.18.44 / 9.20.18. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-021-01 advisory. New bind packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
PT-2025-44636
Name of the Vulnerable Software and Affected Versions Kitware VTK Visualization Toolkit versions through 9.5.0 Description The software contains a heap buffer overflow issue within the vtkGLTFDocumentLoader. This occurs when processing specifically designed GLTF files, where the copy constructor ...
PT-2025-44196
Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...
CVE-2025-55118
CVE-2025-55118 concerns BMC Control-M/Agent. The issue is a memory corruption vulnerability that can be remotely triggered when SSL/TLS is configured, with specific non-default conditions: Control-M/Agent 9.0.20 using non-default SSL/TLS setting use_openssl=n; and 9.0.21/9.0.22 with non-default s...
GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
SUSE CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
mysql: MySQL Server: Unauthorized Data Modification and Read Access Vulnerability
A flaw was found in MySQL Server. This vulnerability allows a low privileged attacker with network access via multiple protocols to achieve unauthorized data modification and read access to a subset of MySQL Server's accessible data...
CVE-2024-21687
This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the...
PT-2024-19805 · Unknown · Controller 6000 +1
Name of the Vulnerable Software and Affected Versions: Controller 6000 and Controller 7000 versions 8.60 and prior Controller 6000 and Controller 7000 versions 8.70 prior to vCR8.70.240520a Controller 6000 and Controller 7000 versions 8.80 prior to vCR8.80.240520a Controller 6000 and Controller...
Gallagher Command Centre Cross-Site Scripting Vulnerability
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre due to improper neutralization of special elements. The following products and versions are affected: Gallagher Comma...
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x. The vulnerability stems from a Contains Incorrect Default Privileges...
PT-2024-1468 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions 9.x through 22.x Ivanti Policy Secure versions 9.x through 22.x Description: A privilege escalation vulnerability in the web component of Ivanti Connect Secure and Ivanti Policy Secure allows a user to elevate...