CVE-2026-2736

Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

Remote code execution

Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution RCE vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

CVE-2024-24216

CVE-2024-24216 affects Zentao versions 18.0–18.10, where a remote code execution is possible via the checkConnection method in /app/zentao/module/repo/model.php. Root cause is associated with the checkConnection functionality exposed by that endpoint; the vulnerability has a high impact on confid...

CVE-2022-40870

CVE-2022-40870 affects the Web Client of Parallels Remote Application Server v18.0. The issue is a Host Header Injection that allows an attacker to execute arbitrary commands via a crafted payload in the Host header. CVSSv3.1 base score 8.1 (High) with network access, high complexity, no privileg...

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38900

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a information disclosure attack, potentially revealing sensitive information to an administrator. Vulnerability Details CVEID: CVE-2021-38900 DESCRIPTION: IBM Business Process Manager 8.5 and 8.6 and IBM...