Lucene search

16 matches found

CNNVD
added 2026/03/19 12:0 a.m. | 4 views

IBM QRadar SIEM security vulnerability

IBM QRadar SIEM is a solution developed by the American multinational company IBM, designed to protect assets and information from advanced threats using security intelligence. This solution provides features such as monitoring across the entire IT infrastructure and generating detailed reports o...

CVSS 5 | AI score 5.8 | EPSS 0.00059
Exploits 0 | References 2

ATTACKERKB
added 2026/02/26 1:24 a.m. | 4 views

CVE-2026-2506

The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list without output escaping. This makes it possible f...

CVSS 6.1 | AI score 5.6 | EPSS 0.00126
Exploits 0 | References 6

Cvelist
added 2026/02/26 1:24 a.m. | 19 views

CVE-2026-2506 EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name'

The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customer_name' data and rendering it in the admin customer list without output escaping. This makes it possible f...

CVSS 6.1 | EPSS 0.00126
Exploits 0 | References 5

EUVD
added 2025/12/02 12:37 a.m. | 2 views

EUVD-2025-200098

Grav Admin Plugin is vulnerable to Cross-Site Scripting XSS Stored endpoint /admin/accounts/groups/group parameter datareadableName...

CVSS 6.2 | AI score 5.4 | EPSS 0.00024
Exploits 1 | References 3

Redos
added 2025/09/23 12:0 a.m. | 1 views

ROS-20250923-19

A vulnerability in the Zabbix universal monitoring system is related to insufficient sanitization of user data transmitted via the "Visible Name" field during automatic host deletion. Exploitation of the vulnerability could allow ...

CVSS 7.5 | AI score 7.7 | EPSS 0.00104
Exploits 0

RedhatCVE
added 2025/09/06 11:25 a.m. | 2 views

CVE-2025-41038

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataGroupname' parameter in /apprain/admin/managegroup/add/...

CVSS 5.4 | AI score 6.1 | EPSS 0.0004
Exploits 0 | References 1

Microsoft CVE
added 2024/01/30 8:0 a.m. | 3 views

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

...

CVSS 7.8 | AI score 7.3 | EPSS 0.00018
Exploits 0

RedhatCVE
added 2024/01/24 2:55 p.m. | 189 views

CVE-2024-22705

A vulnerability was found in ksmbd in the Linux kernel's smb2_get_data_area_len in fs/smb/server/smb2misc. This flaw allows an attacker to cause an smb_strndup_from_utf16 out-of-bounds access due to mishandling the relationship between Name data and CreateContexts data...

CVSS 7.8 | AI score 7.1 | EPSS 0.00018
Exploits 0 | References 4

NVD
added 2024/01/23 11:15 a.m. | 18 views

CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

CVSS 7.8 | AI score 7.4 | EPSS 0.00018
Exploits 0 | References 2

OSV
added 2024/01/23 11:15 a.m. | 2 views

UBUNTU-CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

CVSS 7.8 | AI score 6.8 | EPSS 0.00018
Exploits 0 | References 9

UbuntuCve
added 2024/01/23 12:0 a.m. | 35 views

CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

CVSS 7.8 | AI score 6.8 | EPSS 0.00018
Exploits 0 | References 8

Debian CVE
added 2024/01/23 12:0 a.m. | 35 views

CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

CVSS 7.8 | AI score 7.8 | EPSS 0.00018
Exploits 0

Cvelist
added 2024/01/23 12:0 a.m. | 23 views

CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

AI score 7.6 | EPSS 0.00018
Exploits 0 | References 2

OSV
added 2021/12/15 7:15 p.m. | 2 views

CVE-2021-0997

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 5.5 | AI score 5.9
Exploits 0 | References 1

CNVD
added 2017/03/21 12:0 a.m. | 1 views

My NJ Client APP has parallel override access vulnerability

My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. My Nanjing Client APP has a parallel override access vulnerability, allowing an attacker to access all the real-name registered user and enterprise information and...

AI score 6.6
Exploits 0

erpscan
added 2015/02/18 12:0 a.m. | 34 views

SAP Afaria - Stored XSS

Application: SAP Afaria 7 Vendor URL: http://www.sap.com Bugs: XSS Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669 Authors: Dmitry Chastukhin ERPScan Vulnerability information Class: XML External Entity CWE-79 Impact: Store...

CVSS 4.3 | AI score 0.6 | EPSS 0.00285
Exploits 1