
4564 matches found

ATTACKERKB
added 2026/01/20 9:56 p.m., 6 views

CVE-2026-21959

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Loader. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful...

CVSS 4.9, AI score 7.2, EPSS 0.00307
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/01/20 9:36 p.m., 13 views

CVE-2025-58741 Insecure Masked Credential Fields Enable Database Credential Access in Milner ImageDirector Capture

Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808...

CVSS 8.5, EPSS 0.00169
Exploits: 0, References: 1
OSV
added 2026/01/20 6:31 p.m., 3 views

GHSA-7JC7-G598-2P64 XDocReport affected by an XML External Entity (XXE) vulnerability

An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file...

CVSS 9.8, AI score 6.2, EPSS 0.00492
Exploits: 1, References: 7
vulnersOsv
added 2026/01/20 4:29 p.m., 3 views

actpdf (>=0.1.0 <=0.12.0), agenticmem (>=0.1.4.1 <=0.1.5.0) +212 more potentially affected by CVE-2025-68616 via weasyprint (>=0.28.0 <=67.0.0)

weasyprint PYPI version =0.28.0, =0.1.0, =0.1.4.1, =0.5.0, =0.1.1, =0.1.1, =0.1.0, =0.5.0, =0.3.18, =1.1.0, =0.1.0, =0.1.5 and more Source cves: CVE-2025-68616 Source advisory: OSV:GHSA-983W-RHVV-GWMV...

CVSS 7.5, AI score 5.4, EPSS 0.00447
Exploits: 2
ATTACKERKB
added 2026/01/20 3:23 p.m., 3 views

CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, AI score 5.4, EPSS 0.00162
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/01/20 3:14 p.m., 4 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

CVSS 6.1, AI score 5, EPSS 0.00172
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/01/20 3:04 p.m., 2 views

CVE-2025-33015

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8, AI score 5.6, EPSS 0.0026
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/01/20 3:02 p.m., 4 views

CVE-2025-1722

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

CVSS 7.5, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/01/20 3:02 p.m., 13 views

CVE-2025-1722 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

CVSS 5.9, EPSS 0.00334
Exploits: 0, References: 1
vulnersOsv
added 2026/01/20 1:45 a.m., 4 views

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), 10t-images-to-pdf (=1.0.3) +13762 more potentially affected by CVE-2026-23950 via tar (>=7.0.0 <=7.5.3)

tar NPM version =7.0.0, =0.1.0-dev.0de2bc6, =0.0.1, =3.1.2, =1.0.1, =4.11.0, =1.0.1, =1.31.1, =2.0.0, =0.1.0, =0.1.0, =1.7.0-beta.7, =0.1.0, =0.1.8 and more Source cves: CVE-2026-23950 Source advisory: SNYK:JS-TAR-15038581...

CVSS 8.8, AI score 5.8, EPSS 0.00153
Exploits: 1
CNNVD
added 2026/01/20 12:00 a.m., 6 views

IBM Application Gateway cross-site scripting vulnerability

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines (IBM). It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

CVSS 5.4, AI score 5.8, EPSS 0.00147
Exploits: 0, References: 1
Positive Technologies
added 2026/01/20 12:00 a.m., 5 views

PT-2026-3583

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

CVSS 5.9, AI score 5.8, EPSS 0.00334
Exploits: 0, References: 2
CNNVD
added 2026/01/20 12:00 a.m., 3 views

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions 7.0.9 to 7.6.3.25808 of Milner ImageDirector Capture contain security vulnerabilities. These vulnerabilities stem from insufficient protection of credenti...

CVSS 8.5, AI score 5.8, EPSS 0.00169
Exploits: 0, References: 1
CNNVD
added 2026/01/20 12:00 a.m., 5 views

Milner ImageDirector Capture security vulnerability

Milner ImageDirector Capture is a document collection and digital asset management software developed by the American company Milner. Versions of Milner ImageDirector Capture from 7.0.9.0 to 7.6.3.25808 had security vulnerabilities. These vulnerabilities stemmed from the use of default credential...

CVSS 7.5, AI score 5.8, EPSS 0.0013
Exploits: 0, References: 1
CNNVD
added 2026/01/20 12:00 a.m., 6 views

Oracle Financial Services Applications security vulnerabilities

Oracle Financial Services Applications is a set of financial services software developed by Oracle Corporation in the United States. This product includes core banking, online banking, and property management functions. FLEXCUBE Universal Banking is one of the Internet and mobile banking business...

CVSS 6.5, AI score 7.1, EPSS 0.00251
Exploits: 0, References: 2
Cvelist
added 2026/01/19 5:41 p.m., 18 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

CVSS 8.7, EPSS 0.00207
Exploits: 0, References: 3
OSV
added 2026/01/19 5:41 p.m., 4 views

CVE-2026-23625 OpenProject has stored XSS regression using attachments and script-src self

OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for each version. When a version contains work...

CVSS 8.7, AI score 5.1, EPSS 0.00207
Exploits: 0, References: 5
NVD
added 2026/01/19 3:15 p.m., 6 views

CVE-2026-0610

SQL Injection vulnerability in remote-sessions in Devolutions Server. This issue affects Devolutions Server 2025.3.1 through 2025.3.12...

CVSS 9.8, EPSS 0.0026
Exploits: 0, References: 1
vulnersOsv
added 2026/01/19 9:48 a.m., 2 views

org.apache.linkis:linkis-public-enhancements (>=1.0.3 <=1.7.0) potentially affected by CVE-2025-59355 via org.apache.linkis:linkis-metadata (>=1.0.3 <=1.7.0)

org.apache.linkis:linkis-metadata MAVEN version =1.0.3, =1.0.3, =1.7.0 Source cves: CVE-2025-59355 Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035880...

CVSS 6.5, AI score 5.4, EPSS 0.00403
Exploits: 0
CNNVD
added 2026/01/19 12:00 a.m., 6 views

OpenProject cross-site scripting vulnerabilities

OpenProject is an open-source web-based project management software. Versions 16.3.0 to 16.6.4 of OpenProject contain cross-site scripting vulnerabilities. These vulnerabilities stem from the lack of escaping of user-controlled sub-project names in the roadmap view, which may lead to...

CVSS 8.7, AI score 5.6, EPSS 0.00207
Exploits: 0, References: 4