16 matches found
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
Cisco Customer Collaboration Platform Information Disclosure Vulnerability
Cisco Customer Collaboration Platform (Cisco CCP) is a customer collaboration platform from Cisco USA. Cisco Customer Collaboration Platform suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited ...
The vulnerability of the dt9812 component of the Linux operating system allows a hacker to gain access to confidential information.
The vulnerability of the dt9812 component in the Linux operating system is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the software for managing and monitoring manufacturing processes in Rockwell Automation’s FactoryTalk View Site Edition arises from the lack of measures taken to clean data at the management level. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for managing and monitoring manufacturing processes in Rockwell Automation’s FactoryTalk View Site Edition stems from the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary cod...
PT-2024-6554 · Unknown · Nginx Proxy Manager
Name of the Vulnerable Software and Affected Versions: NginxProxyManager version 2.11.3 Description: A command injection vulnerability in the requestLetsEncryptSslWithDnsChallenge function allows an attacker to achieve remote code execution via the "Add Let's Encrypt Certificate" feature. This...
The vulnerability of the OpenKeychain data encryption and digital signature verification program lies in the insufficient protection of operational data, allowing attackers to gain unauthorized access to the protected information.
The vulnerability of the OpenKeychain data encryption and digital signature verification program is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the protected information...
The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software lies in the lack of measures taken at the management level to clean data, allowing attackers to execute arbitrary code.
The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software-related data processing lies in the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
OPENSUSE-SU-2022:10119-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 105.0.5195.102 boo1203102: CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 boo1202964: CVE-2022-3038: Use after free in Network Service CVE-2022-3039: Use after free in WebSQL CVE-2022-3040: Use after free in...
Haraj v3.7 Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Haraj v3.7, a buying and selling platform from Haraj Saudi Arabia. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in some DM components. An attacker could exploit this vulnerability to execute...
ROS-2-1627
2.1627 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
CVE-2011-4770
The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application...
PHPProbid 5.24 - 'Lang.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/22374/info PHPProbid is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
Magic Photo Storage Website - '/user/user_extend.php?_config[site_path]' Remote File Inclusion
source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying...
RedBLoG 0.5 - '/admin/config.php?root_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/20115/info The redblog application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system...
Telekorn Signkorn Guestbook 1.x - help.php?dir_path Remote File Inclusion
source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the...
CVE-2005-1164
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length...