276247 matches found
DEBIAN-CVE-2025-61639
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.php, includes/recentchanges/RecentChangeFactory.php, includes/recentchanges/RecentChangeStore.php. This...
DEBIAN-CVE-2025-61635
Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.php. This issue affects ConfirmEdit:...
DEBIAN-CVE-2025-61638
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.php, src/Core/Sanitizer.php. This issue affects...
DEBIAN-CVE-2025-61636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
DEBIAN-CVE-2025-61634
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
PT-2026-6003
Name of the Vulnerable Software and Affected Versions: AKCE Software Technology R&D Industry and Trade Inc. SKSPro versions through 07012026. Description: An issue exists in AKCE Software Technology R&D Industry and Trade Inc. SKSPro that allows for Reflected Cross-site Scripting (XSS). This is due to...
Wikimedia MediaWiki Security Vulnerability
Wikimedia MediaWiki is a web application developed by the Wikimedia Foundation for building Wiki websites. Versions of MediaWiki prior to 1.39.16, 1.43.6, 1.44.3, and 1.45.1 contained security vulnerabilities due to a flaw in the includes/Api/ApiQueryRevisionsBase.php file...
PT-2026-5942
Name of the Vulnerable Software and Affected Versions: Ankara Hosting Website Design Website Software version 03022026. Description: The software contains a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows an attacker to inject...
Linux Distros Unpatched Vulnerability : CVE-2025-36184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their...
Linux Distros Unpatched Vulnerability : CVE-2025-36423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper...
This Week in Spring - February 3rd, 2026
Hi, Spring fans! This week I'm in northern Europe. I went on the Vaadin cruise from Finland to Sweden, gave a talk on a boat, then arrived in Stockholm in time for the amazing JFokus 2026 event where I had the privilege yesterday of doing a deep dive with my pal James Ward on Spring AI and agenti...
FUXA Security Vulnerability
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the project import function not properly cleaning or sandboxing the scripts provided by users. As a result, remote code execution may...
Linux Distros Unpatched Vulnerability : CVE-2025-36365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage...
LUNA software Cross-Site Scripting Vulnerability
LUNA software is a digital audio workstation developed by the British company LUNA. Version 7.5.5.6 of LUNA software contains a cross-site scripting vulnerability. This vulnerability stems from the improper handling of user input in the Edit Batch Name function, which may lead to storage-based...
FUXA Security Vulnerability
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from unsafe default configurations in the server/settings.default.js file, which disable authentication. As a result, unauthenticated remot...
PT-2026-5838
Name of the Vulnerable Software and Affected Versions: School ERP Pro version 1.0. Description: School ERP Pro version 1.0 has a flaw that allows attackers to read arbitrary files without needing to log in. This is possible by manipulating the document parameter within the 'download.php' file. By...
PT-2026-6184
Name of the Vulnerable Software and Affected Versions: Apache Syncope versions 3.0 through 3.0.15; Apache Syncope versions 4.0 through 4.0.3. Description: An issue exists in Apache Syncope Console where an administrator with sufficient privileges to create or edit Keymaster parameters can construct...
PT-2026-6002
Name of the Vulnerable Software and Affected Versions: Seres Software syWEB versions through 03022026. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. The vendor was contacted...
Ankara Host Website Software Cross-Site Scripting Vulnerability
Ankara Host Website Software is a web design software developed by Ankara Host in Turkey. Versions of Ankara Host Website Software prior to 03022026 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, and could lead to...
Information Leakage Vulnerability in E3 Omni-Channel Central Platform of Shanghai Esaote Software Co., Ltd.
E3 Omni-Channel Middle is an omni-channel new retail solution product for medium and large enterprises. E3 Omni-Channel Middleware suffers from an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...