4565 matches found
OpenText Content Management Code Issue Vulnerability
OpenText Content Management is an enterprise content management software from OpenText Canada. A code issue vulnerability exists in OpenText Content Management versions 20.4 through 25.3, which stems from a sophisticated cache poisoning technique that could lead to an authenticated attacker...
PT-2025-37162
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.3, Erlang OTP versions 26.2.5.15 through 27.3.4.3, Erlang OTP versions 27.3.4.3, Erlang OTP versions 28.0.3, ssh versions 3.0.1 through 5.3.3, ssh versions 5.1.4.12, ssh versions 5.2.11.3. Description: An Allocati...
PT-2025-37183
In Content Management versions 20.4-25.3, authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known...
CVE-2025-43784
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the API Builder...
@lightnet/decap-admin (>=2.0.9 <=2.4.1), trivet (>=2.1.0 <=2.1.1) potentially affected by CVE-2025-57520 via decap-cms (>=3.0.12 <=3.12.2)
decap-cms NPM version =3.0.12, =2.0.9, =2.1.0, =2.1.1 Source cves: CVE-2025-57520 Source advisory: SNYK:JS-DECAPCMS-12997397...
@lightnet/decap-admin (>=2.0.9 <=2.4.1), trivet (>=2.1.0 <=2.1.1) potentially affected by CVE-2025-57520 via decap-cms (>=3.0.12 <=3.12.2)
decap-cms NPM version =3.0.12, =2.0.9, =2.1.0, =2.1.1 Source cves: CVE-2025-57520 Source advisory: OSV:GHSA-XP8G-32QH-MV28...
CVE-2025-8696 DoS attack against the Stork UI from an unauthenticated user
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0...
CVE-2025-8681
Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role...
CVE-2025-8681
The CVE-2025-8681 entry describes a Stored XSS vulnerability in Pega Platform UI components affecting versions 7.1.0 through Infinity 24.2.2. A high-privilege user with a developer role is required to exploit. The issue stems from a stored XSS flaw in the user interface component, enabling inject...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
PT-2025-37086
Name of the Vulnerable Software and Affected Versions: Stork versions 1.0.0 through 2.3.0 Description: An unauthenticated user sending a large amount of data to the Stork UI may cause memory and disk usage problems on the system running the Stork server. Recommendations: For versions 1.0.0 throug...
Liferay Portal exposes ERC which can lead to exploit the time response attack
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allows attackers to determine existing ERC in the application by exploit t...
Liferay Portal is vulnerable to XSS attack through its search bar portlet
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary web script or HTML via the URL in search bar...
CVE-2025-36011
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...
CVE-2025-36011
CVE-2025-36011 affects IBM Jazz for Service Management versions 1.1.3.0–1.1.3.24. The underlying issue is that authorization tokens and session cookies are stored without the Secure attribute, enabling cookie disclosure if a user is directed to or visits an insecure HTTP link. This could allow an...
CVE-2025-47437
Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through = 7.0.1...
IBM Jazz for Service Management Security Vulnerability
IBM Jazz for Service Management is an integrated service management product from International Business Machines (IBM) that provides visibility into the service management environment. A security vulnerability exists in IBM Jazz for Service Management versions 1.1.3.0 through 1.1.3.24, which stems...
PT-2025-36769
Name of the Vulnerable Software and Affected Versions: Majestic Support versions n/a through 1.1.0 Description: A missing authorization issue exists in Majestic Support. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2025-1761
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-1761
CVE-2025-1761 affects IBM Concert Software versions 1.0.0–1.1.0, where a remote attacker could obtain sensitive information from allocated memory due to improper clearing of heap memory. The issue is documented across multiple sources, with IBM attributing a memory-disclosure risk via heap-cleari...