Lucene search

24 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-28591

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00128 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/08/23 12:23 a.m. · 2 views

CVE-2025-55522

Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...

6.5 CVSS · 6.3 AI score · 0.00128 EPSS
Exploits 1 · References 1

Cvelist
added 2025/08/21 12:0 a.m. · 6 views

CVE-2025-55522

Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter...

0.00128 EPSS
Exploits 1 · References 2

NVD
added 2024/12/05 8:15 p.m. · 24 views

CVE-2024-53442

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component...

9.8 CVSS · 0.00988 EPSS
Exploits 0 · References 2

CVE
added 2024/12/05 12:0 a.m. · 51 views

CVE-2024-53442

CVE-2024-53442 affects whapa v1.59; a command injection can be triggered by a crafted filename in the HTML reports component. The CVSSv3.1 base score is 9.8 (CRITICAL). Reported by multiple sources (NVD/Red Hat/CNNVD) with exploitation considerations and references. Practical impact is potential ...

9.8 CVSS · 7.1 AI score · 0.00988 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/12/05 12:0 a.m. · 3 views

PT-2024-35743 · Whapa · Whapa

Name of the Vulnerable Software and Affected Versions: whapa version 1.59 Description: The issue concerns command injection via a crafted filename in the HTML reports component. This allows for potential exploitation through manipulated file names. Recommendations: For whapa version 1.59, conside...

9.8 CVSS · 7.6 AI score · 0.00988 EPSS
Exploits 0 · References 6

CNNVD
added 2024/02/03 12:0 a.m. · 1 views

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A cross-site scripting vulnerability exists in HCL BigFix Platform, which stems...

6.5 CVSS · 6.3 AI score · 0.00281 EPSS
Exploits 0 · References 2

OSV
added 2024/02/02 7:15 p.m. · 1 views

CVE-2023-37527

A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code in the application session or in database, via remote injection, while rendering content in a web page...

6.1 CVSS · 5.9 AI score · 0.0012 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/02/02 12:0 a.m. · 3 views

PT-2024-12632 · Hcl · Hcl Bigfix Platform

Name of the Vulnerable Software and Affected Versions: HCL BigFix Platform affected versions not specified Description: A cross-site scripting (XSS) vulnerability in the Web Reports component can possibly allow an attack to exploit an application parameter during execution of the Save Report...

6.5 CVSS · 6.1 AI score · 0.00281 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-9590 · Oracle · Oracle Banking Liquidity Management

Name of the Vulnerable Software and Affected Versions: Oracle Banking Liquidity Management version 14.5.0.12.0 Description: The issue is related to a component called Reports in the Oracle Banking Liquidity Management product. It allows a low-privileged attacker with network access via HTTP to...

7.1 CVSS · 7.8 AI score · 0.01065 EPSS
Exploits 0 · References 8

CNVD
added 2021/10/20 12:0 a.m. · 25 views

Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02355)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

6.5 CVSS · 1.2 AI score · 0.00183 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/20 12:0 a.m. · 17 views

Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2022-02356)

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

6.1 CVSS · 1.9 AI score · 0.00582 EPSS
Exploits 0 · References 1

CNNVD
added 2021/10/19 12:0 a.m. · 2 views

Oracle E-Business Suite and Oracle Applications Manager Security Vulnerability

Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...

6.5 CVSS · 5.7 AI score · 0.00183 EPSS
Exploits 0 · References 3

OSV
added 2021/07/21 12:15 a.m. · 2 views

CVE-2021-2448

Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications component: Reports. The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the...

3.7 CVSS · 7.3 AI score
Exploits 0 · References 1

CNNVD
added 2021/07/20 12:0 a.m. · 1 views

Oracle Financial Services Applications Security Vulnerability

Oracle Financial Services Crime and Compliance Investigation Hub, an end-user application for comprehensive financial crime investigations, has a security vulnerability in the Reports component of Oracle Financial Services Crime and Compliance A security vulnerability exists in the Reports...

3.7 CVSS · 8.3 AI score · 0.00066 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/04/22 12:0 a.m. · 2 views

PT-2021-2849

Name of the Vulnerable Software and Affected Versions Oracle iSetup versions 12.1.3 and 12.2.3 through 12.2.10 Description The issue is related to errors in the code of the General Ledger Update Transform and Reports components of Oracle iSetup in the Oracle E-Business Suite system. This can allo...

8.5 CVSS · 7 AI score · 0.01221 EPSS
Exploits 0 · References 7

OSV
added 2018/07/18 1:29 p.m. · 3 views

CVE-2018-3014

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: Reports. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

6.5 CVSS · 7.3 AI score
Exploits 0 · References 3

Prion
added 2018/02/21 4:29 p.m. · 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785...

3.5 CVSS · 5.6 AI score · 0.00129 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2015/12/27 3:59 a.m. · 13 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...

6.5 CVSS · 7.4 AI score · 0.11459 EPSS
Exploits 1 · References 5

Cvelist
added 2015/12/27 2:0 a.m. · 24 views

CVE-2015-6004

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter...

7.7 AI score · 0.11459 EPSS
Exploits 1 · References 5