3952 matches found
EUVD-2026-39603
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
A stored XSS vulnerabilities exists in the maintenance-acl-check.php and maintenance-banners-check.php tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an...
CVE-2026-50742
CVE-2026-50742 describes a stored XSS in Revive Adserver 6.0.7, occurring in the maintenance tools, specifically in the files maintenance-acl-check.php and maintenance-banners-check.php . The root cause is that entity names are displayed without proper escaping when inconsistencies are detected, ...
CVE-2026-43920
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
PT-2026-52650
Name of the Vulnerable Software and Affected Versions Revive Adserver version 6.0.7 Description Stored Cross-Site Scripting XSS occurs in the maintenance-acl-check.php and maintenance-banners-check.php tools. The issue arises when entity names are displayed without proper escaping during the...
The vulnerability of the net/batman-adv/bat_iv_ogm.c module in the Linux operating system allows a hacker to trigger a system failure during maintenance operations.
The vulnerability of the net/batman-adv/bativogm.c module in the Linux operating system is related to incorrect calculations of buffer size. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2026-43920
CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...
CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
PT-2026-52177
Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the PATH environment variable influencing the selection of the trash executable during maintenance tasks. An attacker can execute unintended local executables by...
CVE-2026-46935
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-46934
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2026-46915
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Production. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Orac...
GHSA-2W22-3F6X-3HF4 Duplicate Advisory: Workspace-derived service PATH could influence trash command selection
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rx78-29qr-5hq8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows...
CVE-2026-53865
OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations by...
CVE-2026-53865
CVE-2026-53865 : OpenClaw prior to 2026.5.2 has a path traversal bug in maintenance task execution that lets workspace-derived service paths influence the trash command. An attacker can run unintended local executables from operator-unintended paths by manipulating environment paths during mainte...
PT-2026-50039
Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite. A low...
PT-2026-49782
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description A path traversal issue exists in the maintenance task execution process where workspace-derived service paths can influence the selection of the trash command. By manipulating workspace-derived...
PT-2026-50038
Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite. A low...
PT-2026-50022
Name of the Vulnerable Software and Affected Versions Oracle Complex Maintenance, Repair and Overhaul versions 12.2.3 through 12.2.15 Description An issue exists in the Production component of Oracle Complex Maintenance, Repair and Overhaul within Oracle E-Business Suite. A low privileged attacke...