PT-2026-48555

Simple Link Directory through 9.0.4 interpolates the sld no results found option into a JavaScript string literal without encoding. Because sanitize text field leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

ZKTeco BioTime 安全漏洞

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

Splunk 安全漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

National Security Agency Ghidra Arbitrary Code Execution Vulnerability

NSA Ghidra is an open source reverse engineering tool from the National Security Agency NSA. Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java in National Security Agency Ghidra 9.0.4 and earlier versions FileBitPatternInfoReader.java file contains an...

IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2017-27828)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in IBM WAS...