129 matches found
CVE-2026-55474
Snipe-IT (IT asset/license management) is affected by a directory-traversal in ActionlogController::displaySig prior to version 8.5.0. The route filename parameter is concatenated into a private upload-directory path without sanitization, enabling an authenticated attacker to read arbitrary files...
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
EUVD-2026-40396
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
CVE-2026-11712
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
EUVD-2026-39724
Unauthenticated Cross Site Scripting XSS in WoodMart = 8.5.3 versions...
CVE-2026-47733
Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...
CVE-2025-68060
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5...
CVE-2026-8850
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modibmupload...
CVE-2026-8835
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...
CVE-2026-8644
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...
CVE-2026-8644
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...
CVE-2026-9311
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...
CVE-2026-8644
IBM WebSphere Application Server versions 9.0 and 8.5 are affected by CVE-2026-8644, an identity spoofing (authentication bypass) vulnerability (CWE-290) with CVSSv3.1 base score 9.1. Affected products: WebSphere Application Server 9.0 and 8.5. Root cause: identity spoofing leading to authenticat...
IBM WebSphere Application Server(WAS) 代码注入漏洞
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and running Java enterprise applications. IBM WebSphere Application Server has a security control bypass vulnerability. This vulnerability stems from the improper implementation of securi...
IBM WebSphere Application Server(WAS) 安全漏洞
IBM WebSphere Application Server is a Java enterprise application server developed by IBM. It is primarily used for deploying and managing enterprise-level web applications. IBM WebSphere Application Server has a vulnerability known as “Identity Spoofing.” This vulnerability arises from the failu...
PT-2026-45543
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 8.5 IBM WebSphere Application Server version 9.0 Description Remote code execution is possible due to the bypass of security controls. Recommendations At the moment, there is no information about a newe...
PT-2026-45542
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists that allows for identity spoofing, where an attacker can impersonate another user or system identity. Recommendations At the...
CVE-2026-8835
IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...
EUVD-2026-31905
IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication client authentication...
EUVD-2026-31903
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration...