CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVE-2026-6909

ATutor is affected by a Reflected XSS in the /install/upgrade.php endpoint. It allows arbitrary JavaScript execution in a victim’s browser when a crafted URL is opened. Only version 2.2.4 has been tested and confirmed vulnerable; other versions have not been tested but might also be vulnerable. T...

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

Fedora 43 : pcs (2026-88c901f6a2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-88c901f6a2 advisory. - Rebased pcs to the newest major version see CHANGELOG.md - Updated standalone web UI and HA Cluster Management Cockpit application to pcs-web-ui 0.1.24.2 s...

CVE-2025-20387

CVE-2025-20387 affects Splunk Universal Forwarder for Windows. The issue, observed in versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, arises when installing or upgrading to an affected build, causing incorrect permissions in the Forwarder installation directory. This misconfiguration allows non-...

CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...

Broadcom SANnav 安全漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom SANnav that stems from an encryption key that could be written to and retrieved from Brocade SANnav's supportsave during Brocade SANnav installations or upgrades under...

Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining Multiple CVEs

Summary There is a vulnerability in Apache Commons Compress that could allow an remote attacker exploit to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-29857

Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause excessive CPU consumption on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Dell Rugged Control Center 安全漏洞

Dell Rugged Control Center is an application from Dell USA. It allows a range of settings to be configured on the ruggedized device, such as application settings, keyboard backlight settings, night mode settings, stealth mode settings, window settings, antenna switch settings and GPS settings. An...

CVE-2023-34046

VMware Fusion13.x prior to 13.5 contains a TOCTOU Time-of-check Time-of-use vulnerability that occurs during installation for the first time the user needs to drag or copy the application to a folder from the '.dmg' volume or when installing an upgrade. A malicious actor with local...

CVE-2023-0975

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...

Design/Logic Flaw

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions...

Trellix Agent 安全漏洞

Trellix Agent is a client component of FireEye USA Trellix, Inc. provides secure communication between McAfee ePolicy Orchestrator McAfee ePO and hosted products. A security vulnerability exists in Trellix Agent 5.7.8 and earlier versions that originates from an elevation of privilege that allows...

PT-2023-16657 · Trellix · Trellix Agent For Windows

Name of the Vulnerable Software and Affected Versions: Trellix Agent for Windows versions 5.7.8 and earlier Description: A vulnerability exists that allows local users to replace one of the Agent's executables during the install/upgrade workflow, enabling them to elevate their permissions...

CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the...

CVE-2020-36169

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary CVE-2019-2949 deferred from Oracle Oct 2019 CPU Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality...