CVE-2025-54858

CVE-2025-54858 affects BIG-IP Advanced WAF/ASM where a malformed JSON schema in a JSON content profile can cause the bd process to terminate on a configured virtual server, triggering DoS. Affected BIG-IP branches include BIG-IP Advanced WAF/ASM (16.x, 17.x) with fixes introduced in 17.5.1.3 and ...

EUVD-2024-53028

Malicious code in bioql PyPI...

[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 41 Update: php-8.3.19-1.fc41

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVE-2023-38693

Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...

Dynamsoft Service Security Vulnerability

Dynamsoft Service is a core part of a Dynamic Web TWAIN from Dynamsoft Canada when running in service mode. A security vulnerability exists in Dynamsoft Service that stems from incorrect access control...

SAP BusinessObjects Business Intelligence Platform Multiple Vulnerabilities (May 2024)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is potentially affected by the following vulnerabilities: - A cross-site scripting XSS vulnerability exists in the Opendocument URL due to improper validation of user-supplied input before...

CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

CVE-2024-33004

CVE-2024-33004 affects SAP Business Objects Business Intelligence Platform. The issue is insecure storage: dynamic web pages are cached after logout, allowing an attacker to view cached pages and open them, with a limited impact on confidentiality, integrity and availability. The initial descript...

CVE-2024-33004 Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

Security Bulletin: Security vulnerability in IBM Datacap Navigator plugin

Summary Due to an issue in the client-side Dynamsoft Service, IBM Datacap Navigator plugin is at risk for malicious code to be executed remotely. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 275484 DESCRIPTION: Due to inadequate...

QtWebEngine: Multiple Vulnerabilities

Background QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. Description Multiple vulnerabilities have been discovered in QtWebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

Debian: Security Advisory (DLA-2925-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA-2925-1] drupal7 security update

Package : drupal7 Version : 7.52-2+deb9u18 This security updates includes two fixes, backported respectively from Drupal version 7.87 and 7.88: - Fix a regression caused by Query ui position backport in version 7.86 backported as 7.52-2+deb9u17: was not checking for possible "undefined" value in...

Qt WebEngine: Multiple vulnerabilities

Background Library for rendering dynamic web content in Qt5 C++ and QML applications. Description Multiple vulnerabilities have been discovered in Qt WebEngine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

[SECURITY] Fedora 31 Update: memcached-1.5.17-1.fc31

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...

Dynamic Web App has a logic flaw vulnerability

Movie.com APP is a mobile sports venue booking software. A logic flaw vulnerability exists in Movie.com APP, which can be exploited by an attacker to log in to any account to withdraw cash...

[SECURITY] Fedora 27 Update: memcached-1.5.7-1.fc27

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...

[SECURITY] Fedora 26 Update: memcached-1.4.39-2.fc26

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load...