43 matches found
Description of the security update for PowerPoint 2016: April 14, 2026 (KB5002808)
Description of the security update for PowerPoint 2016: April 14, 2026 (KB5002808). Summary: This security update resolves a Microsoft PowerPoint remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2026-32200...
EUVD-2022-5066
Malicious code in bioql PyPI...
Description of the security update for Office 2016: December 10, 2024 (KB5002661)
Description of the security update for Office 2016: December 10, 2024 (KB5002661). Summary: This security update resolves a Microsoft Office remote code execution vulnerability and a Microsoft Office elevation of privilege vulnerability. To learn more about the vulnerabilities, see the following securi...
Jenkins cross-site scripting vulnerability
Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins update-center2 versions 3.13 and 3.14. An attacker exploited the vulnerability ...
Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks
A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively...
PT-2023-2263 · Jenkins · Jenkins Update-Center2 +1
Name of the Vulnerable Software and Affected Versions: Jenkins update-center2 versions 3.13 through 3.14. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the required Jenkins core version on plugin download index pages is rendered without...
Improper Neutralization of Input During Web Page Generation in Jenkins
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...
GHSA-9M48-54PJ-H248 Improper Neutralization of Input During Web Page Generation in Jenkins
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...
GHSA-3RWX-3VWH-MWXC Jenkins Vulnerable to Denial of Service (DoS)
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data...
Jenkins Vulnerable to Denial of Service (DoS)
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data...
GHSA-R2JF-RC5V-VMPV Incorrect Authorization in Jenkins
An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center...
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
Remote code execution
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL...
CVE-2021-38366
CVE-2021-38366 affects Sitecore through 10.1 (Update Center enabled); remote authenticated users can upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at admin/Packages. Root cause: file upload leading to RCE. No exploitation status or patches provided in...
JVN#68418039: The installers of E START products may insecurely load Dynamic Link Libraries
The installers of E START products by GMO INSIGHT Inc. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries in the folder specified by the TEMP environment variable or where the installer resides (CWE-427, CVE-2015-9267, and CVE-2015-9268). Impact...
"0x00000027" Stop error and unexpected restart in Windows Server 2012
"0x00000027" Stop error and unexpected restart in Windows Server 2012. This article describes an issue in which Stop error 0x00000027 occurs in Windows Server 2012. You can fix this issue by using the update in this article. How to get this update: You can get this update by using one of the...
HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation
Potential Security Impact: Information Disclosure, Privilege Escalation, and Arbitrary Code Execution. Source: HP, HP Product Security Response Team (PSRT). Reported by: Eldar Marcussen - xen1thLabs - Software Labs. PSR-2019-0173, CVE-2019-16285, CVE-2019-16286, CVE-2019-16287, CVE-2019-18909,...
jenkins: stored cross-site scripting in update center web pages (SECURITY-1453)
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages...