Lucene search
37 matches found

RedhatCVE
added 2 days ago · 6 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1 CVSS · 5.5 AI score · 0.00045 EPSS
Exploits: 0 · References: 1

NVD
added 2026/05/14 3:16 p.m. · 7 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1 CVSS · 0.00045 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2026/05/14 1:52 p.m. · 4 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2026/05/14 1:52 p.m. · 3 views

CVE-2026-21730 Stored XSS in Verba

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits: 0 · References: 1

Cvelist
added 2026/05/14 1:52 p.m. · 32 views

CVE-2026-21730 Stored XSS in Verba

Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3 CVSS · 0.00045 EPSS
Exploits: 0 · References: 1

Microsoft Security Update
added 2026/04/14 5:00 p.m. · 6 views

2026-04 .NET 10.0.6 Security Update for x64 Server (KB5086095)

2026-04 .NET 10.0.6 Security Update for x64 Server (KB5086095)...

5.8 AI score
Exploits: 0

OSV
added 2025/10/21 5:35 p.m. · 0 views

MAL-2025-48556 Malicious code in qwant-search-extension (npm)

The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis b62fa18764e78b78ad37bea56c978df2cba57aa015e3b3eb13b0fc74e05678b1 The OpenSSF Package Analysis project identified...

6.9 AI score
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 0 views

EUVD-2023-26853

Malicious code in bioql PyPI...

6.2 CVSS · 5.3 AI score · 0.00315 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2022-4924

Malicious code in bioql PyPI...

5.4 CVSS · 5.5 AI score · 0.00313 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2025/09/10 8:08 p.m. · 3 views

CVE-2024-45671 IBM Security Verify Information Queue information disclosure

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

5.9 CVSS · 6.1 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/09/10 12:00 a.m. · 3 views

IBM Security Verify Information Queue cryptographic issue vulnerability

IBM Security Verify Information Queue is an integration product from International Business Machines (IBM), Inc. that utilizes Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...

7.5 CVSS · 6.3 AI score · 0.00027 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:51 a.m. · 2 views

CVE-2023-22500

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allows unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessible by...

7.5 CVSS · 6.9 AI score · 0.01369 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:44 a.m. · 3 views

CVE-2023-22724

GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who wish to visit an RSS conten...

6.2 CVSS · 6 AI score · 0.00315 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/09 11:16 p.m. · 11 views

CVE-2025-0942

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command, which allows unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06...

8.6 CVSS · 7.8 AI score · 0.00316 EPSS
Exploits: 0 · References: 1

CVE
added 2025/04/07 9:35 p.m. · 48 views

CVE-2025-0942

CVE-2025-0942 affects Jalios JPlatform 10 SP6 before 10.0.6, where the DB chooser functionality improperly neutralizes special elements in SQL commands, enabling unauthenticated users to trigger an SQL injection. Remediation: upgrade to 10.0.6 or apply the PatchPlugin release issued on 2023-02-06...

8.6 CVSS · 8 AI score · 0.00316 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/03/31 12:00 a.m. · 2 views

GFI KerioConnect code injection vulnerability

GFI KerioConnect is an enterprise-grade email and collaboration solution from GFI that provides mail, calendar, contacts, tasks, and file sharing. A code injection vulnerability exists in GFI KerioConnect version 10.0.6, which stems from a cross-site scripting vulnerability in the Signature Handl...

5.4 CVSS · 4.9 AI score · 0.00236 EPSS
Exploits: 0 · References: 4

OSV
added 2024/03/31 12:15 p.m. · 0 views

CVE-2024-25027

IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...

5.5 CVSS · 5.7 AI score · 0.00024 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/05 12:00 a.m. · 4 views

PT-2023-3264 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 0.85 through 9.5.12; GLPI versions 10.0.0 through 10.0.6. Description: The issue is related to insufficient user data sanitization on search pages, allowing an attacker to craft a malicious link that can exploit a reflected XSS wh...

10 CVSS · 6.2 AI score · 0.94395 EPSS
Exploits: 39 · References: 206

Positive Technologies
added 2023/04/04 12:00 a.m. · 2 views

PT-2023-21325 · Edrawmind

Name of the Vulnerable Software and Affected Versions: Edrawmind version 10.0.6. Description: An issue in Edrawmind allows a remote attacker to execute arbitrary commands via the WindowsCodescs.dll file. Recommendations: For Edrawmind version 10.0.6, at the moment, there is no information about a...

7.8 CVSS · 7.9 AI score · 0.00131 EPSS
Exploits: 1 · References: 3

NVD
added 2023/01/26 9:18 p.m. · 17 views

CVE-2023-22722

GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. After exploitation, the attacker can perform actions as the...

6.8 CVSS · 6.4 AI score · 0.00276 EPSS
Exploits: 0 · References: 1