Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 9.4.0 through 9.4.46, and 10.0.0 through 10.0.9, as well as 11.0.0 through 11.0.9, the parsing of the authority segment of an http scheme URI causes the Jetty HttpURI class to incorrectly detect an invalid input as a hostname. This can lead to failures in a Proxy scenari...

CVE-2025-36074

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

IBM Security Verify Directory 代码问题漏洞

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. A file upload vulnerability exists in IBM Security Verify Directory versions 10.0.0 through 10.0.0.3. The vulnerability stems from an unverified file type and can be...

EUVD-2026-19249

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

PT-2026-26022

The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgmza custom js’ parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin post...

📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials

Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...

CVE-2024-47829 pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

CVE-2024-49814

IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges...

CVE-2024-43187

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors...

PT-2024-33690 · Ibm · Ibm Security Verify Access Appliance

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 Description: The issue concerns the presence of hard-coded credentials, such as a password or cryptographic key, used for inbound authentication, outbound communication to...

Grafana Security Vulnerabilities

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from a security flaw in the PUT /api/user handler...

CVE-2023-31004

IBM Security Access Manager Container IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1 could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765...

PT-2023-9268 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5 Description: The issue is related to Cross-site Scripting, where an administrator can store malicious code in help links. This can be exploited by a remote attacker to save arbitrary code in the help links...

PT-2023-18551 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.5 Description: The issue allows unauthorized access to inventory files. If anonymous access to FAQ is allowed, inventory files become accessible by unauthenticated users. Recommendations: For GLPI versions...

CVE-2022-22464

IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081...

Quicklert SQL注入漏洞

Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...

CVE-2018-0704

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen...

HPE Network Node Manager Cross-Site Scripting Vulnerability

HP Network Node Manager i-series NNMi software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. A cross-site scripting vulnerability exists in HPE Network Node Manager i NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, 10.01, whic...