275946 matches found
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.
Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268 and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION:...
DEBIAN-CVE-2026-45149
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...
CVE-2026-45372
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...
CVE-2026-45625
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
CVE-2026-45627
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...
CVE-2018-25392
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
RLSA-2026:18479 Important: qemu-kvm security update
Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shi...
EUVD-2018-21919
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
CVE-2018-25392
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability exploitable by authenticated users through the log_activity function. The flaw occurs in /index.php/user/log_activity where parameters nomor, user, and jenis can be tainted with arbitrary SQL. Successful exploitation can enumerate...
CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
RHSA-2026:13745 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
BELL-CVE-2026-46100 CVE-2026-46100 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46097 CVE-2026-46097 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46067 CVE-2026-46067 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46081 CVE-2026-46081 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46057 CVE-2026-46057 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-46055 CVE-2026-46055 does not affect BellSoft software
Bulletin has no description...