CVE-2025-61166
An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL...
EUVD-2025-26301
Malicious code in bioql PyPI...
EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read', 'Description' = %q EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that...
CVE-2024-31510
Removed by vendor...
CVE-2023-39245
Dell ESI for SAP LaMa (LAMA) version 10.0 is affected by an information-disclosure vulnerability in the EHAC component. An unauthenticated remote attacker could potentially eavesdrop on network traffic to obtain administrator-level credentials. The CVE-2023-39245 entry is rated CRITICAL (CVSS 3.1: A...
CVE-2023-39437
Affected product: SAP Business One, version 10.0. Vulnerability: Cross-site scripting (XSS) via injection of malicious code into web page or application content delivered to the client. Root cause (as described): content rendering/input handling allows execution of injected script. Impact: as des...
CVE-2022-28771
SAP Business One License service API (version 10.0) is affected by a vulnerability caused by a missing authentication check. The issue allows an unauthenticated, remote attacker to send malicious HTTP requests over the network, potentially breaking the whole application and making it inaccessible...
CVE-2021-33698
CVE-2021-33698 affects SAP Business One 10.0. An attacker with business authorization can upload any files (including script files) due to insufficient file-format validation in the upload flow. The issue enables arbitrary file upload on the server, with potential to escalate impact depending on ...
CVE-2021-33686
CVE-2021-33686 affects SAP Business One version 10.0 and is an information-disclosure vulnerability where an unauthorized attacker could access some encrypted sensitive information under certain conditions. The available documents identify the affected product/version and that the impact is confi...
CVE-2020-7846
Helpcom before v10.0 contains a file download and execution vulnerability caused by storing a hardcoded cryptographic key. It ultimately leads to file download and execution when a user accesses a crafted web page...
Authentication flaw
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources...
CVE-2020-14246
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials...
CVE-2020-14245
CVE-2020-14245 affects HCL OneTest UI (versions 9.5, 10.0, 10.1) and is described as not performing authentication for functionality that requires a provable user identity or that can consume significant resources. The CVE is cited with a high-severity network-access risk (NVD CVSSv2: 7.5, partia...
Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)
Summary: IBM API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-13664 DESCRIPTION: Drupal core could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw. By persuading a victim to visit a specially-crafted web...
Security Bulletin: IBM Integration Bus is affected by deserialization RCE vulnerability in IBM WebSphere JMS Client
Summary: WebSphere MQ V9.0 libraries are shipped in IBM Integration Bus, and hence IBM Integration Bus is vulnerable to the IBM WebSphere MQ JMS client deserialization RCE vulnerability. Vulnerability Details: CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS client provides classes that deserializ...
Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown
Summary: IBM has released the following patch for IBM Security Guardium in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details: CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions: IBM Security Guardium V8.2 IBM Security Guardium...
Security Bulletin: Session Identifier Not Updated vulnerability affects IBM Security Guardium (CVE-2017-1270)
Summary: IBM Security Guardium does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2017-1270 DESCRIPTION: IBM Security Guardium does no...
Security Bulletin: OS Command Injection vulnerability affects IBM Security Guardium (CVE-2017-1253)
Summary: IBM Security Guardium could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2017-1253 DESCRIPTION: IBM Security Guardium could allow a remote authenticated attacker to...
Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122)
Summary: IBM Security Guardium contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM Security Guardium has addressed this issue. Vulnerability Details: CVEID: CVE-2017-1122 DESCRIPTION: IBM Security Guardium...