7061 matches found
Knowage Suite 7.3 - Cross-Site Scripting
Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. id: CVE-2021-30213 info: name: Knowage Suite 7.3 - Cross-Site Scripting author: alph4byt3 severity:...
CVE-2026-15110
Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...
CVE-2026-14062
Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-3602
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
EUVD-2026-40385
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of...
PT-2026-53945
Name of the Vulnerable Software and Affected Versions IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 IBM App Connect Enterprise versions 12.0.1.0 through 12.0.12.26 IBM Integration Bus for z/OS versions 10.1.0.0 through 10.1.0.7 Description SQL injection allows a remote attacker to...
Delta Electronics DTM Soft
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...
CVE-2024-51454
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...
CVE-2024-51454 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various...
CVE-2024-51454
Affected product: IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). The vulnerability is a free-form HTTP header injection in HOST header parsing due to input validation weaknesses. Affected versions are 7.0.2 (with Interim Fix 035), 7.0.3 (IFix 017), and 7.1 (IF...
CVE-2025-33128
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-33128
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
EUVD-2025-210300
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-33128 IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed
IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-33128
The CVE-2025-33128 affects IBM Engineering Workflow Management (part of IBM Engineering Lifecycle Management). Affected versions are 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007. The issue is a cross-site scripting (XSS) vulnerability in the Web UI that lets an authent...
PT-2026-51296
Name of the Vulnerable Software and Affected Versions IBM Engineering Workflow Management versions 7.0.3 through 7.0.3 Interim Fix 020 IBM Engineering Workflow Management versions 7.1 through 7.1 Interim Fix 007 Description An issue exists where an authenticated user can embed arbitrary JavaScrip...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed
Summary Vulnerabilities have been identified in Host Header Injection , which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2024-51454 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to HTTP header injection, caused...
Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)
Question Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"Al...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writer field's link and email marks. An attacker can execute arbitrary JavaScript code in the context of the authenticated user's browser session by injecting a malicious link and tricking the user into...
EUVD-2026-37530
Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...