19 matches found
CVE-2024-47097
Cross Site Scripting vulnerability in Follett School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
PT-2026-44213
Cross Site Scripting vulnerability in Follett School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2026-8992
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code...
CVE-2026-7431
An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...
CVE-2026-23604
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-23605
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...
CVE-2026-21918
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...
BIT-MONGODB-2025-10060 MongoDB may be susceptible to Invariant Failure in Transactions due to Upsert Operation
MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...
Linux Distros Unpatched Vulnerability : CVE-2021-33139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user...
PT-2025-32206 · 4C Strategies · 4C Strategies Exonaut
Name of the Vulnerable Software and Affected Versions: 4C Strategies Exonaut versions prior to 22.4 Description: The 4C Strategies Exonaut software was found to have insecure permissions. Recommendations: Update to version 22.4 or later...
Firmanet ERP SQL Injection Vulnerability
Firmanet ERP is an e-commerce system from Firmanet, Inc. A SQL injection vulnerability exists in Firmanet ERP version 22.11.2024 and earlier, which stems from vulnerability to SQL injection attacks...
Galaxy Code Issues Vulnerabilities
Galaxy is an open source platform for FAIR data analysis open-sourced by Galaxy Project. A code issue vulnerability exists in Galaxy versions prior to 22.05 that stems from the presence of a Server-Side Request Forgery (SSRF) vulnerability. An attacker can exploit this vulnerability to send arbitrary...
LibreNMS Cross-Site Scripting Vulnerability
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates. LibreNMS versions prior to 22.10.0 have a security vulnerability that stems from the presence of...
CVE-2022-31689
VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that token...
PT-2022-5564 · Twisted +6 · Twisted +6
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 22.4.0rc1 Description: The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead t...
CVE-2022-0550
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks...
CVE-2022-0551
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian...
CVE-2020-14898
Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromis...