Lucene search

10 matches found

Snyk
added 2026/05/04 9:0 p.m. · 4 views

Use of Incorrectly-Resolved Name or Reference

Overview: @cyclonedx/cdxgen creates a CycloneDX Software Bill of Materials (SBOM) from source or container image. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in path resolution performed in docker.js, before credential selection. An attacker wh...

5.1 CVSS · 5.8 AI score
Exploits 0 · References 3

NVD
added 2026/04/27 9:16 p.m. · 3 views

CVE-2026-5362

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...

5.4 CVSS · 0.00004 EPSS
Exploits 1 · References 2

NVD
added 2026/04/27 8:16 p.m. · 2 views

CVE-2026-5394

An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. This issue affects pimcore: 12.3.3...

7 CVSS · 0.00011 EPSS
Exploits 0 · References 3

Cvelist
added 2026/04/27 8:16 p.m. · 22 views

CVE-2026-5362 Pimcore Platform v12.3.3 - Stored XSS in Document Editable Embed rendering

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...

4.8 CVSS · 0.00004 EPSS
Exploits 1 · References 2

Positive Technologies
added 2026/02/24 12:0 a.m. · 4 views

PT-2026-21658

Name of the Vulnerable Software and Affected Versions: Pimcore versions up to and including 11.5.14.1; Pimcore versions up to and including 12.3.2. Description: Pimcore is an Open Source Data & Experience Management Platform. The filter query parameter in the dependency listing endpoints is processed...

6.9 CVSS · 5.2 AI score · 0.00013 EPSS
Exploits 1 · References 17

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2012-2441

Malware in sbrugna...

6.4 CVSS · 6.4 AI score · 0.0027 EPSS
Exploits 0 · References 4

Positive Technologies
added 2020/02/24 12:0 a.m. · 2 views

PT-2020-5156 · Ruby +2 · Rake +2

Name of the Vulnerable Software and Affected Versions: Rake versions prior to 12.3.3. Description: The issue is related to an OS command injection vulnerability in the Rake::FileList class of the Rake build automation tool. This vulnerability arises from the failure to neutralize special elements...

8.1 CVSS · 7.1 AI score · 0.18007 EPSS
Exploits 8 · References 77

OSV
added 2019/07/23 11:15 p.m. · 0 views

CVE-2019-2728

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

4.3 CVSS · 6.1 AI score · 0.00191 EPSS
Exploits 0 · References 1

Prion
added 2019/07/23 11:15 p.m. · 11 views

Code injection

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

4 CVSS · 3.8 AI score · 0.00191 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2018/04/19 2:0 a.m. · 2 views

CVE-2018-2742

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

5.4 AI score · 0.00551 EPSS
Exploits 0 · References 3