9 matches found
EUVD-2026-41008
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.23 before v.4.8.3.1...
Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 a...
Oracle Linux 10 : mysql8.4 (ELSA-2026-4162)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4162 advisory. 8.4.8-1 - Rebase to 8.4.8 8.4.7-2 - Skip tests that are failing on Konflux - Resolves: ROK-831 Tenable has extracted the preceding description block...
CVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
PT-2025-1271 · Fastify · Fastify-Multipart
Name of the Vulnerable Software and Affected Versions: @fastify/multipart versions prior to 8.3.1 and 9.0.3 Description: The issue is related to the saveRequestFiles function in the @fastify/multipart plugin for Fastify, which fails to delete uploaded temporary files when a user cancels a request...
SuiteCRM Cross-Site Request Forgery Vulnerability
SuiteCRM is an open source, enterprise-level customer relationship management (CRM) software application. A cross-site request forgery vulnerability exists in SuiteCRM versions prior to 8.3.1, which can be exploited by an attacker to spoof a user's identity and send malicious requests...
CVE-2020-4686
IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678...
CVE-2018-15707
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things...
NetApp Clustered Data ONTAP Man-in-the-Middle Attack Vulnerability
NetApp Data ONTAP is a data management platform. A security vulnerability exists in NetApp Clustered Data ONTAP 8.3.1 due to failure to properly validate the X.509 certificate of the TLS server. A man-in-the-middle attacker could exploit this vulnerability via a constructed certificate to spoof...