CVE-1999-0366
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value...
CVE-2023-45161
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on...
WordPress All in One SEO Pack plugin <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL vulnerability discovered by Ivan Kuzymchak in WordPress Plugin All In One SEO Pack versions <= 4.8.1.1...
CVE-2025-2892 All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and...
WordPress Element Pack Pro Plugin < 8.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Element Pack Pro versions < 8.0.0...
Security Bulletin: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...
Description of the security update for SharePoint Enterprise Server 2016: May 13, 2025 (KB5002722)
Description of the security update for SharePoint Enterprise Server 2016: May 13, 2025 (KB5002722). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the...
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: May 13, 2025 (KB5002712)
Description of the security update for SharePoint Enterprise Server 2016 Language Pack: May 13, 2025 (KB5002712). Summary: This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and...
IBM DB2 DoS (7232336) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. CVE-2024-52903...
IBM DB2 DoS (7232336) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
@qaios/runner (>=0.1.0 <=0.1.3), @web-desktop-environment/development-edition-server (>=0.0.4 <=2.0.0-alpha.11) +1 more potentially affected by CVE-2025-47269 via code-server (>=3.12.0 <=4.5.1)
code-server NPM version =3.12.0, =0.1.0, =0.0.4, =1.0.1, =2.0.0-alpha.11 Source cves: CVE-2025-47269 Source advisory: OSV:GHSA-P483-WPFP-42CJ...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. This bulletin contains information regarding the vulnerability and its fixture...
IBM DB2 DoS (7232518) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. CVE-2025-1493 Not...
IBM DB2 DoS (7232518) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. CVE-2025-1493 Note...
Malicious code in windows-api-codec-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92245ebaf3540c628e01a2ec1741659ca0285f765539581481af03e857d4d31f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024147 fixes one issue. The following security issue was fixed: CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2025-27907)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)
Summary IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...
Security Bulletin: Stored Cross-Site Scripting in Tivoli Application Dependency Discovery Manager (CVE-2020-4339)
Summary Stored Cross Site Scripting vulnerabilities have been found during the test on TADDM. It is mostly exploited in order to hijack authenticated users sessions. The issue results from lack of proper input verification and lack of proper output encoding. A stored XSS takes place when any user...
Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001023 fixes one issue. The following security issue was fixed: CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235431). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...