29 matches found
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143
Summary: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...
CVE-2025-67733
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...
CVE-2025-11787
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...
CVE-2025-11783
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer (48 bytes) without boundary checking. This can lead to memory corruption, resulting in...
CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 Operating System Command Injection Vulnerability
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both network concentrators from CIRCUTOR (Spain). An operating system command injection vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the presence of command injection in the GetDNS,...
Linux Distros Unpatched Vulnerability : CVE-2015-7104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and...
IBM Engineering Systems Design Rhapsody Buffer Error Vulnerability
IBM Engineering Systems Design Rhapsody is a model-driven development (MDD) environment for systems engineering and software development provided by IBM. IBM Engineering Systems Design Rhapsody suffers from a stack buffer overflow vulnerability that stems from the program not properly checking...
WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Le Ngoc Anh in WordPress Plugin URL Shortener | Conversion Tracking | AB Testing | WooCommerce (versions <= 9.0.2)...
Improper restriction of XML external entity references (XXE) in FD Application
Overview: FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references (XXE) (CWE-611). Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
WordPress plugin teachPress Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-10306 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions 8 through 9.0.1. JetBrains TeamCity version 9.0.2 is not affected, so only versions prior to 9.0.2 are considered vulnerable. Description: The issue allows bypass of account-creation restrictions via a crafted...
Intel SUR Code Issue Vulnerability
Intel SUR is a Software Asset Manager software from Intel Corporation (USA). A security vulnerability exists in Intel(R) SUR version 2.4.8902, which stems from an improper condition check in the software that could allow a privileged user to covertly enable denial of service via network access...
PT-2022-26971 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: The issue allows for a Reflected Cross Site Scripting via JavaScript Object Notation (JSON) in a query...
CVE-2022-30117
Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changin...
CVE-2022-30119
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...
CVE-2022-29028
A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...
jsoneditor Cross-site Scripting Vulnerability
Josdejong Jsoneditor is a web page based software for viewing, editing, and verifying Json data by the individual developer Josdejong. A cross-site scripting vulnerability exists in jsoneditor before 9.0.2, which allows the vulnerability to be triggered by injecting and executing JavaScript...
PYSEC-2020-110
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...
CVE-2019-17311
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user...
CVE-2019-17297
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...