19 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...
Bandit 安全漏洞
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...
CVE-2026-42645
Cross-Site Request Forgery CSRF vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: fro...
Tekton Pipelines 参数注入漏洞
Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. In versions 1.0.0 to 1.11.0 of Tekton Pipelines, there is a parameter injection vulnerability. This vulnerability stems from the fact that the revision parameter of the git resolver is passed directly as a positional...
EUVD-2025-209184
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
EUVD-2025-209178
IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...
CVE-2025-66486
IBM Aspera Shares versions 1.9.9–1.11.0 are vulnerable to HTML injection, enabling a remote attacker to inject HTML that runs in the victim’s browser within the site’s security context. The issue affects IBM Aspera Shares web application components and is addressed by upgrading to version 1.11.1 ...
EUVD-2025-209172
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
IBM Aspera Shares 安全漏洞
IBM Aspera Shares is a web application developed by IBM. Versions 1.9.9 to 1.11.0 of IBM Aspera Shares contain security vulnerabilities. These vulnerabilities stem from the lack of proper rate limiting on the frequency with which emails are sent to authenticated users, which may lead to email...
EUVD-2026-5256
Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through = 1.11.0...
CVE-2026-25012
Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through = 1.11.0...
EUVD-2025-203066
Authorization Bypass Through User-Controlled Key vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.11.0. The issue is fixed in version 1.12.1. Users are encouraged to upgrade to version 1.13.0, the latest release...
PT-2025-50905
Name of the Vulnerable Software and Affected Versions Apache Fineract versions through 1.11.0 Description A flaw exists in Apache Fineract related to insufficiently protected credentials. Upgrade to version 1.13.0, the latest release, to address this issue. The issue is resolved in version 1.12.1...
CVE-2025-66071
Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through = 1.11.0...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-beanutils-1.9.4.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of commons-beanutils-1.9.4.jar Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to sto...
CVE-2025-7030
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication TFA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.11.0...
CVE-2024-26580
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick 1 to solve it. 1...
PT-2022-11763 · Apache · Apache Avro
Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.10.2 and prior versions Description: A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. Recommendations: For Apache Avro...
jQuery 1.4.2 <= 1.11.0 XSS Vulnerability
jQuery is prone to a cross-site scripting XSS vulnerability via vectors related to use of the text method inside after. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...