CVE-2025-43817

Multiple reflected cross-site scripting XSS vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the redirect...

CVE-2024-31946

An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

Update to How CISA Shares Cyber-Related Alerts and Notifications

Update May 13 : In an effort to enhance user experience and highlight the most timely and actionable information for cyber defenders, CISA announced a shift in how we share cybersecurity alerts and advisories. We recognize this has caused some confusion in the cyber community. As such, we have...

Alibaba nacos 授权问题漏洞

Alibaba nacos is a dynamic service discovery, configuration and service management platform for Alibaba in China. The software supports both DNS-based and RPC-based service discovery, and provides features such as providing real-time health checks to prevent services from sending requests to...

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

CVE-2021-35221

Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution RCE from the Alerts Settings page...

Information Disclosure

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security...

Cross site scripting

ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settingsSMSALERTTYPE parameter, and JavaScript can be executed on settings-save.html the Settings - SMS Alerts page...

RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2016:1587)

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary and Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a...