19760 matches found
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...
Knowage Suite 7.3 - Cross-Site Scripting
Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. id: CVE-2021-30213 info: name: Knowage Suite 7.3 - Cross-Site Scripting author: alph4byt3 severity:...
Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion
Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...
CVE-2026-5269
In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...
CVE-2026-5269 Navigator NCS and MCP System Accounts with Default Passwords
In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...
CVE-2026-5269
Technical details about CVE-2026-5269 are not publicly available in the provided documents; no affected product versions, exploit information, or remediation specifics are included. Monitor for updates.
Oracle E-Business Suite <=12.2 - Authentication Bypass
Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...
Zimbra Collaboration Suite - Memcached Command Injection
Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft. id: CVE-2022-27924 info: name:...
EUVD-2025-210454
The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the starboard-suite-lightbox shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-13968
The CVE concerns the WordPress plug-in Starboard Suite Reservation Calendars (WordPress). It is vulnerable to Stored Cross-Site Scripting via the [starboard-suite-lightbox] shortcode attributes in all versions up to and including 3.1.4 due to insufficient input sanitization and output escaping. T...
CVE-2025-13968 Starboard Suite Reservation Calendars <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the starboard-suite-lightbox shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it...
EUVD-2026-43067
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
PT-2026-57386
Name of the Vulnerable Software and Affected Versions Starboard Suite Reservation Calendars versions prior to 3.1.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping within the starboard-suite-lightbox shortcode attributes. Authenticated...
CVE-2026-13243
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-13243
CVE-2026-13243 describes a CSRF vulnerability in the Drupal Salesforce Suite where the OAuth handshake during interactive authentication is not properly validated, enabling an attacker to hijack the authorization token and bind the site to the attacker’s Salesforce account. Affected versions are ...
CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...
Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution
Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...
[SECURITY] Fedora 44 Update: rust-inferno-0.12.6-3.fc44
Rust port of the FlameGraph performance profiling tool suite...