ROS-20260529-73-0019

The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

PT-2026-32937

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

CVE-2026-2862 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive...

CVE-2026-1561 IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

Siemens APE1808 Insufficient Session Expiration (CVE-2025-25252)

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

GHSA-RCCQ-2FXQ-7X3H LimeSurvey is vulnerable to SQL injection

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

Advisory ROSA-SA-2026-3172

Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 unaffected versions = libssh-0.9.6-16.rv30 affected versions libssh-0.9.6-16.rv30 CVE-ID: CVE-2025-5372 BDU-ID: 2025-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation...

EUVD-2025-206663

A vulnerability in update-reports-purge-settings.sh script logging for Brocade SANnav before 2.4.0a could allow the collection of SANnav database password in the system audit logs. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the Brocade...

ROS-20260122-73-0027

Vulnerability in httpd related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data...

CVE-2005-1804

Multiple SQL injection vulnerabilities in Net Portal Dynamic System NPDS 5.0 allow remote attackers to execute arbitrary SQL commands via the 1 terme parameter in the glossaire module glossaire.php or 2 query parameter to links.php...

CVE-2023-40771

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function...

CVE-2022-23176

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2U1, 12.x before 12.1.3U3, and 12.2.x through 12.5.x before...

CVE-2019-18375

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console...

CVE-2020-24381

GUnet Open eClass Platform aka openeclass before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default...

CVE-2023-43699

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited...

CVE-1999-0495

A remote attacker can gain access to a file system using .. dot dot when accessing SMB shares...

PT-2026-1460

Name of the Vulnerable Software and Affected Versions Dell Unisphere for PowerMax versions 9.2.4.x Description Dell Unisphere for PowerMax versions 9.2.4.x contain an Improper Restriction of XML External Entity Reference issue. A low privileged attacker with remote access could potentially exploi...

ROS-20251219-7304

Vulnerability in mongodb-org related to flaws in authorization procedure. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

ROS-20251203-15

Vulnerability in Go library for decoding common map values into structures and vice versa mapstructure is related to incorrect neutralization of output data for logs. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...