102502 matches found
CVE-2025-14773
CVE-2025-14773 is a stored cross-site scripting (XSS) vulnerability in ABB T-MAC Plus web application, affecting T-MAC Plus 4.0-24. The issue stems from improper neutralization of input during web page generation. CVSS metrics from ABB indicate a HIGH severity (CVSS v4.0 base 7.2; v3.1 base 8.0),...
CVE-2025-14773 Stored Cross-Site Scripting in ABB T-MAC Plus web application
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14773 Stored Cross-Site Scripting in ABB T-MAC Plus web application
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14771
Technical details (affected components, versions, impact, remediation) are not publicly available in the provided documents. Monitor for updates on ABB T-MAC Plus CVE-2025-14771.
CVE-2025-14771 File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site
Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449
Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by remote code execution
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by remote code execution CVE-2026-9311, CVE-2026-9330 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an identity spoofing vulnerability
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by an identity spoofing vulnerability CVE-2026-8644 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
eCPPT-Penetration-Testing-Reports
eCPPT Penetration Testing Reports Penetration testing lab rep...
school-management-system 安全漏洞
School-Management-System is a PHP-based school management system developed by Shubham Kumar, an individual developer. The School-Management-System has a security vulnerability, which stems from the use of predictable password generation methods. This vulnerability may allow attackers to easily...
PT-2026-45941
daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat x0b, x0c, x1c, x1d, x1e, or x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...
PT-2026-46057
Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4 Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table MSAT in the read MSAT function is not fully initialized before being used by the ole2 validate...
CVE-2026-44654
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...
CVE-2024-42206
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
EUVD-2024-55606
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.
HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js
Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a...