52 matches found

IBM Security Bulletins
added 2026/04/15 9:47 a.m. | 2 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service (CVE-2026-39865)

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module axios CVE-2026-3986...

CVSS 5.9 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/11/26 4:36 p.m. | 4 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-64118]

Summary Node.js module tar is used by IBM App Connect Enterprise Certified Container for handling archive files and data. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

CVSS 6.1 | AI score 6.3 | EPSS 0.00005
Exploits: 0 | Affected Software: 1

CVE
added 2025/04/22 12:31 a.m. | 65 views

CVE-2025-3854

CVE-2025-3854 affects H3C GR-3000AX (up to V100R006). The vulnerability lies in the HTTP POST Request Handler, specifically the functions EnableIpv6, UpdateWanModeMulti, UpdateIpv6Params, EditWlanMacList, and Edit_List_SSID in the file /goform/aspForm. Manipulation of the param argument leads to ...

CVSS 8.6 | AI score 8 | EPSS 0.00251
Exploits: 0 | References: 6

Debian CVE
added 2025/04/04 1:0 a.m. | 6 views

CVE-2025-3196

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...

CVSS 5.5 | AI score 5.6 | EPSS 0.0004
Exploits: 1

Vulnrichment
added 2025/04/03 1:31 p.m. | 12 views

CVE-2025-3157 Intelbras WRN 150 Wireless Menu cross site scripting

A vulnerability was found in Intelbras WRN 150 1.0.15ptITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has bee...

CVSS 4.8 | AI score 6.4 | EPSS 0.00293
Exploits: 0 | References: 3

Debian CVE
added 2025/02/10 7:0 p.m. | 8 views

CVE-2025-1153

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The...

CVSS 5.9 | AI score 3.8 | EPSS 0.00083
Exploits: 1

Vulnrichment
added 2024/10/17 2:0 p.m. | 11 views

CVE-2005-10003 mikexstudios Xcomic os command injection

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitabilit...

CVSS 6.3 | AI score 7.5 | EPSS 0.00497
Exploits: 0 | References: 6

Vulnrichment
added 2024/09/21 11:0 p.m. | 11 views

CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting

A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...

CVSS 2.6 | AI score 6.3 | EPSS 0.00126
Exploits: 1 | References: 4

Vulnrichment
added 2024/09/17 6:31 p.m. | 13 views

CVE-2024-8947 MicroPython objarray.c use after free

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...

CVSS 6.3 | AI score 5.6 | EPSS 0.00194
Exploits: 1 | References: 7

CVE
added 2024/09/17 6:0 p.m. | 49 views

CVE-2024-8945

CVE-2024-8945 affects CodeCanyon RISE Ultimate Project Manager 3.7.0. The vulnerability is a SQL injection in the file /index.php/dashboard/save via the id parameter, exploitable remotely. Public PoCs/exploits exist; patched version is 3.7.1. Remediation is to upgrade to 3.7.1 or apply vendor-spe...

CVSS 8.8 | AI score 6.4 | EPSS 0.01237
Exploits: 3 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/09/16 12:31 a.m. | 9 views

CVE-2024-8880 playSMS Template index.php code injection

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...

CVSS 6.3 | AI score 6.1 | EPSS 0.00127
Exploits: 1 | References: 3

CVE
added 2024/04/27 9:0 a.m. | 103 views

CVE-2023-1000

CVE-2023-1000 affects cyanomiko dcnnt-py up to 0.9.0, where the main function in dcnnt/plugins/notifications.py under Notification Handler permits remote command injection due to input handling weaknesses. Exploitation can be performed remotely, with impact described as command execution by an at...

CVSS 6.5 | AI score 7.4 | EPSS 0.0082
Exploits: 0 | References: 5

OSV
added 2024/04/07 9:15 a.m. | 14 views

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 5

Cvelist
added 2024/04/01 12:0 p.m. | 12 views

CVE-2022-4966 sequentech admin-console Election Description cross site scripting

A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to...

CVSS 4 | AI score 4 | EPSS 0.00101
Exploits: 0 | References: 6

CVE
added 2024/03/31 11:31 p.m. | 52 views

CVE-2014-125110

The CVE-2014-125110 entry describes a cross-site scripting vulnerability in the wp-file-upload WordPress plugin (versions up to 2.4.3). The issue affects the function wfu_ajax_action_callback in lib/wfu_ajaxactions.php, enabling remote exploitation. Upgrading to version 2.4.4 mitigates the issue ...

CVSS 4 | AI score 3.8 | EPSS 0.00097
Exploits: 0 | References: 4

CVE
added 2024/03/29 12:31 p.m. | 93 views

CVE-2024-3078

CVE-2024-3078 affects Qdrant prior to 1.8.3 (versions up to 1.6.1, 1.7.4, 1.8.2) and stems from path traversal in the Full Snapshot REST API handler (lib/collection/src/collection/snapshots.rs). The vulnerability allows traversal of filesystem paths due to the processing logic described in multip...

CVSS 9.8 | AI score 5.6 | EPSS 0.00219
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2024/01/16 1:31 p.m. | 81 views

CVE-2024-0570

CVE-2024-0570 affects Totolink N350RT 9.3.5u.6265. The vulnerability lies in /cgi-bin/cstecgi.cgi of the Setting Handler, causing improper access controls. It can be triggered remotely; upgrading the affected component is advised. The available connected documents confirm the file path, affected ...

CVSS 9.1 | AI score 9.2 | EPSS 0.00187
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2024/01/14 11:15 p.m. | 15 views

Cross site request forgery (csrf)

A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is...

CVSS 5 | AI score 7.1 | EPSS 0.00047
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2023/12/19 3:15 a.m. | 17 views

Information disclosure

A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified as critical. Affected by this issue is some unknown functionality of the component String Handler. The manipulation leads to protection mechanism failure. The attack may be launched remotely. Upgrading to version 1.3.5 is able t...

CVSS 5 | AI score 7.1 | EPSS 0.00076
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2023/09/30 5:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may ...

CVSS 4.3 | AI score 7.7 | EPSS 0.00152
Exploits: 1 | References: 4 | Affected Software: 1