220 matches found
PT-2025-35922
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the dataAddonlayouts and dataAddonlayouts except...
appRain CMF 跨站脚本漏洞
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/cycle endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...
CVE-2024-21666
The Customer Management Framework CMF for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when...
CVE-2024-20947
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2024-51764
A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...
CVE-2023-36814
Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
CVE-2023-32075
The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...
CVE-2021-2093
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 13.0.0 and earlier, which stems from allowing cross-site scripting attacks...
CVE-2025-30716
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite component: CRM User Management Framework. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
How Qualys Policy Compliance Helps You Adopt NIST AI RMF 1.0
Artificial Intelligence AI technologies are reshaping industries at an unprecedented pace. But while these technologies present incredible opportunities for innovation, they also pose unique risks. AI systems are no longer just futuristic concepts; they are actively influencing business decisions...
cool-admin-java 代码问题漏洞
cool-admin-java is a backend privilege management framework for COOL individual developers. A code issue vulnerability exists in cool-admin-java v1.0. An attacker can exploit this vulnerability to execute arbitrary code by uploading specially crafted files...
SQL Injection
pimcore/customer-management-framework-bundle is vulnerable to SQL injection. The vulnerability is due to improper handling of the filterDefinition/filter argument in the file /admin/customermanagementframework/customers/list, which allows execution of SQL commands...
CVE-2025-22604
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ssnetsnmpdiskio or ssnetsnmpdiskbytes, a part of each OID will be used as a key in an array that is...
CVE-2024-45598
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the Poller Standard Error Log Path parameter in either Installation Step 5 or in Configuration-Settings-Paths tab to a local file inside the server. Then simply going to Logs tab and...
CVE-2024-51764
A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...
CVE-2024-51764
A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...
CVE-2024-51764
A security vulnerability has been identified in HPE Data Management Framework DMF Suite CXFS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...
Hewlett Packard Enterprise Data Management Framework 安全漏洞
Hewlett Packard Enterprise Data Management Framework HPE DMF is a data management framework from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise Data Management Framework that stems from vulnerability to unauthorized access locally or in a cluster...
CGA-RM26-RMF3-QJQC
Bulletin has no description...