CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVE-2025-64518

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...

CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity XXE injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches The...

CycloneDX Core 代码问题漏洞

CycloneDX Core is a CycloneDX BOM Standard open source aid for creating SBOM applications. A code issue vulnerability exists in CycloneDX Core versions prior to 11.0.1 that stems from an unsecured configuration of the XML Validator, which could lead to an XML external entity injection attack...

CVE-2025-8661 Stored Cross-Site Scripting in Symantec PGP Encryption 11.0.1

A stored Cross-Site Scripting vulnerability XSS occurs when the server does not properly validate or encode the data entered by the user...

CVE-2025-8660 Privilege Escalation in Symantec PGP Encryption 11.0.1

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...

CVE-2025-8660 Privilege Escalation in Symantec PGP Encryption 11.0.1

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...

DoS (Denial of Service) Third-Party Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, and 10.7.1 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVE-2025-47108

Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2021-38565

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows writing to arbitrary files via submitForm...

Nakivo Backup & Replication 代码问题漏洞

Nakivo Backup & Replication is a reliable, fast and affordable virtual machine backup solution from Nakivo USA. A code issue vulnerability exists in Nakivo Backup & Replication versions 10.3.x through 11.0.1, which stems from an XXE vulnerability that allows remote attackers to obtain and parse a...

CVE-2024-41778

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts...

IBM Cognos Controller和IBM Controller 信任管理问题漏洞

IBM Cognos Controller and IBM Controller are both products of International Business Machines IBM.IBM Cognos Controller is a business intelligence and planning solution. The product features process automation, financial audit control, and the creation and management of financial reports.IBM...

CVE-2024-41776

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2024-25019

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing...

IBM Cognos Controller 加密问题漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. An encryption issue vulnerability exists in IBM Cognos...

UBUNTU-CVE-2024-52318

Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue...