156 matches found
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-04167)
IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
CVE-2020-2880
Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite component: OTA Training Activities. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2024-21136
Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications component: Security. Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
CVE-2024-32970
Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities...
CVE-2025-21530
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2024-12401
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service DoS vector for the cert-manag...
CVE-2024-47165
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to CORS origin validation accepting a null origin. When a Gradio server is deployed locally, the localhostaliases variable includes "null" as a valid origin. This allows attackers to make unauthoriz...
DrayTek Vigor 3910 Buffer Overflow Vulnerability (CNVD-2024-39949)
The DrayTek Vigor 3910 is a high performance router for enterprise networks from DrayTek. A buffer overflow vulnerability exists in the DrayTek Vigor 3910 v4.3.2.6, which is caused by the sProfileName parameter on the fextobj.cgi page not properly validating the length of input data, and can be...
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability (CNVD-2024-49631)
SAP NetWeaver Enterprise Portal is a SAP NetWeaver Web front-end component from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by a...
Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC...
IBM Datacap Navigator Information Disclosure Vulnerability
IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from an information disclosure vulnerability that originates from temporarily storing data from different environments, which can be exploited by an attacker to obtain sensiti...
EUVD-2024-46898
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
WordPress ImageMagick Sharpen Resized Images plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin ImageMagic...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2024-26529)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow version 2.9.0 suffers from a cross-site scripting vulnerability that...
IBM UrbanCode Deploy Cross-Site Scripting Vulnerability (CNVD-2024-26496)
IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...
Cybozu Garoon security bypass vulnerability (CNVD-2024-29667)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A security bypass vulnerability exists in Cybozu Garoon, which stems from improper restriction of browsing and...
OpenCart Core 4.0.2.3 - 'search' SQLi
Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description :...
OneBlog Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...
PT-2024-2621
Name of the Vulnerable Software and Affected Versions net/http and net/http2 in Go affected versions not specified Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires...
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...