102440 matches found
CVE-2026-8633
CVE-2026-8633 affects IBM WebSphere Application Server and WebSphere Application Server Liberty when using the optional Web Server Plug-ins for WebSphere. The VULN allows remote code execution through a specially crafted request in the plug-ins (CWE-94). Affected products are the Web Server Plug-...
CVE-2026-8633
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...
EUVD-2026-31927
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...
CVE-2026-8620
CVE-2026-8620 affects IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty (versions 8.5 and 9.0). The Web Server Plug-ins are vulnerable to HTTP request smuggling via specially crafted requests, with attack vector network, no user interaction, and impact limited to conf...
CVE-2026-8620
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...
CVE-2026-44410 Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...
python-markdown: denial of service via malformed HTML-like sequences
A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...
SUSE CVE-2026-42268
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
PT-2026-43284
Name of the Vulnerable Software and Affected Versions Google Cloud Apigee affected versions not specified Description A flaw in the SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery SSRF, which is a technique where an attacker forces a server to make...
EUVD-2026-31838
An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...
PT-2026-43364
Name of the Vulnerable Software and Affected Versions IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty versions 8.5 through 9.0 Description Remote code execution is possible in the Web Server Plug-ins when processing a specially crafted request. This issue allows an...
PT-2026-43370
Name of the Vulnerable Software and Affected Versions IBM HTTP Server versions 8.5 and 9.0 IBM WebSphere Application Server & Liberty versions 8.5 and 9.0 Description Web Server Plug-ins are susceptible to HTTP Request Smuggling, a technique where the frontend and backend servers disagree on the...
๐ Sparx Pro Cloud Server 6.1 / Sparx Enterprise Architect 17.1 SQL Injection
Multiple vulnerabilities in Sparx Pro Cloud Server PCS versions 6.1 and below and Sparx Enterprise Architect versions 17.1 and below allow a remote unauthenticated attacker to execute arbitrary SQL queries both read and write within any configured database. In the case where PCS is installed with...
Apple macOS ๅฎๅ จๆผๆด
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26 and earlier contained security vulnerabilities; these vulnerabilities stemmed from out-of-bound read operations, which could potentially cause applications to...
Hitachi Energy HiDraw ๅฎๅ จๆผๆด
Hitachi Energy HiDraw is a power transformer design software developed by Hitachi Corporation in Japan. Hitachi Energy HiDraw contains a security vulnerability caused by a heap buffer overflow. This vulnerability could allow malicious users with local access to cause memory corruption and potenti...
PT-2026-43363
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...
IBM WebSphere Application Server 8.5.x / 9.x RCE (7274072)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274072 advisory. - IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and...
IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty ็ฏๅข้ฎ้ขๆผๆด
IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain environmental issues, which stem from vulnerabilities that can be exploited by HTTP request payload attacks...
IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty ไปฃ็ ๆณจๅ ฅๆผๆด
IBM Web Server Plug-ins for IBM WebSphere Application Server and IBM WebSphere Liberty are web server integration plugins developed by IBM. Versions 8.5 and 9.0 of these plugins contain a code injection vulnerability that can be exploited by remote code execution attacks...
PT-2026-43398
Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the application id variable from the URL path without validating ownership, which...