Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 3:36 p.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

Summary Vulnerabilities have been identified in HTML / XSS Injection, which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2025-33128 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to cross-site scripting. This...

5.4CVSS4.8AI score0.00139EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 4:16 a.m.18 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 9:38 p.m.4 views

CVE-2025-58744 Hard-Coded Default Credentials Enable Document Archive Decryption in Milner ImageDirector Capture

Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from...

6.9CVSS5.3AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2025/03/10 10:15 a.m.4 views

CVE-2025-24387

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2022/05/24 5:13 p.m.4 views

GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...

8.8CVSS6.8AI score0.016EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/28 12:0 a.m.8 views

PT-2022-11786 · Technitium · Technitium Dns Server

Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 7.0 Description: A vulnerability in the bailiwick checking function exists that allows specific malicious users to inject NS records of any domain into the cache and conduct a DNS cache poisoning attack...

4.3CVSS4.6AI score0.00599EPSS
Exploits0References5
Rows per page
Query Builder