
13 matches found

ATTACKERKB
added 2026/04/21 5:0 p.m. · 0 views

CVE-2026-21571

This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of...

CVSS 9.4 · AI score 6 · EPSS 0.01093
Exploits 0 · References 3 · Affected Software 1
ATTACKERKB
added 2026/03/19 3:48 p.m. · 2 views

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

CVSS 5.5 · AI score 5.8 · EPSS 0.00039
Exploits 0 · References 3
CNNVD
added 2026/01/28 12:0 a.m. · 2 views

DNN Cross-Site Scripting Vulnerabilities

DNN (also known as DotNetNuke) is an open-source content management system (CMS) developed by the American company DNN, supported by Microsoft and based on the ASP.NET platform. This system features easy installation, scalability, and rich functionality. Versions of DNN prior to 9.13.10 and 10.2.0...

CVSS 7.6 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 1
Cvelist
added 2026/01/27 11:49 p.m. · 26 views

CVE-2026-24833 DotNetNuke.Core Vulnerable to Stored XSS in Module Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for a user in the Persona Bar. Versions 9.13.10 and...

CVSS 7.6 · EPSS 0.00055
Exploits 0 · References 1
ATTACKERKB
added 2026/01/27 11:47 p.m. · 3 views

CVE-2026-24784

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

CVSS 6.8 · AI score 5.9 · EPSS 0.00054
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/11/27 11:47 a.m. · 14 views

CVE-2025-54057

Apache SkyWalking contains a stored/basic XSS vulnerability (CVE-2025-54057) due to improper neutralization of script-related HTML tags. Affects SkyWalking

CVSS 6.1 · AI score 6.2 · EPSS 0.00258
Exploits 0 · References 3 · Affected Software 1
RedhatCVE
added 2025/05/22 5:40 a.m. · 1 views

CVE-2010-5338

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter dlgcaptchaaction is non-persistent in 10.1.3 and 10.2.0...

CVSS 6.1 · AI score 6.2 · EPSS 0.0021
Exploits 0 · References 1
Positive Technologies
added 2024/07/11 12:0 a.m. · 1 views

PT-2025-7452 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.0 and 9.3.0.9, including 8.3.x

Description: The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality...

CVSS 6.8 · AI score 7 · EPSS 0.00148
Exploits 0 · References 6
CNNVD
added 2024/02/13 12:0 a.m. · 4 views

Grafana Security Vulnerabilities

Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...

CVSS 5.4 · AI score 9 · EPSS 0.00219
Exploits 1 · References 5
OSV
added 2023/11/17 6:15 a.m. · 0 views

DEBIAN-CVE-2023-41101

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. getquery in httpmicrohttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions...

CVSS 9.8 · AI score 9.3 · EPSS 0.05439
Exploits 0 · References 1
Positive Technologies
added 2023/11/17 12:0 a.m. · 1 views

PT-2023-27787 · Opennds +1 · Opennds +1

Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 10.1.3

Description: An issue was discovered in the captive portal in OpenNDS, which has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the...

CVSS 7.5 · AI score 6.8 · EPSS 0.0009
Exploits 0 · References 16
CNNVD
added 2022/09/13 12:0 a.m. · 4 views

Microsoft SPNEGO Extended Negotiation Security Vulnerability

Microsoft SPNEGO Extended Negotiation is a SPNEGO extension from Microsoft Corporation USA. A security vulnerability exists in Microsoft SPNEGO Extended Negotiation. The following products and editions are affected: Windows 8.1 for x64-based systems, Windows RT 8.1, Windows Server 2008 R2 for...

CVSS 8.1 · AI score 7.9 · EPSS 0.11575
Exploits 0 · References 5
CNNVD
added 2021/03/12 12:0 a.m. · 3 views

Sonicwall SMA100 Operating System Command Injection Vulnerability

The SonicWall SMA100 is a secure access gateway appliance from SonicWALL USA. An operating system command injection vulnerability exists in SonicWall SMA100 version 10.2.0.5 and earlier versions, which can be exploited by an authenticated attacker to execute operating system commands on the targe...

CVSS 9 · AI score 6 · EPSS 0.02622
Exploits 0 · References 2