OpenText Content Management Security Vulnerability
OpenText Content Management is an enterprise content management software from OpenText Canada. A security vulnerability exists in OpenText Content Management versions 10.0 through 24.4, which stems from improper validation of input. An attacker could exploit the vulnerability to remotely execute...
PT-2025-5685 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
io.kestra:jdbc (>=0.10.0 <=0.20.10), io.kestra:jdbc-h2 (>=0.18.0 <=0.20.10) +5 more potentially affected by unknown CVE via io.kestra:core (>=0.10.0 <=0.20.10)
io.kestra:core MAVEN version =0.10.0, =0.10.0, =0.18.0, =0.10.0, =0.10.0, =0.16.5, =0.10.0, =0.18.0, =0.20.10 Source cves: unknown CVE Source advisory: SNYK:JAVA-IOKESTRA-8687935...
Files Security Vulnerability
Files is a single-file PHP application from the individual developer Karl Ward. It can be dragged and dropped into any directory, allowing browsing of the files and directories within. A security vulnerability exists in Files versions v0.3.0 through 0.11.0, which stems from the presence of a...
PYSEC-2025-26
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the...
acedeploy (>=2.4.15 <=2.4.115), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +125 more potentially affected by CVE-2025-24793 via snowflake-connector-python (>=2.2.5 <=3.13.0)
snowflake-connector-python PYPI version =2.2.5, =2.4.15, =2.4.0, =0.0.4, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =0.5.1, =1.0.5, =1.0.6 and more Source cves: CVE-2025-24793 Source advisory: OSV:GHSA-2VPQ-FH52-J3WV...
acedeploy (>=2.4.15 <=2.4.115), apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1) +106 more potentially affected by CVE-2025-24795 via snowflake-connector-python (>=2.3.7 <=3.13.0)
snowflake-connector-python PYPI version =2.3.7, =2.4.15, =2.4.0, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =1.1.4 - datacontract-cli =0.10.4 and more Source cves: CVE-2025-24795 Source advisory: SNYK:PYTHON-SNOWFLAKECONNECTORPYTHON-8675785...
PT-2025-5570 · Snowflake · Snowflake Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Snowflake JDBC Driver versions 3.2.3 through 3.21.0 Description: The issue allows an attacker with write access to a directory in the %PATH% to escalate their privileges to the user that runs the vulnerable JDBC Driver version when the...
PT-2025-1432 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.10 Description: The issue makes it easier for attackers to compromise user accounts due to the lack of a requirement for strong passwords by default. Recommendations: For IBM Aspera Faspex versions...
Security Bulletin: A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may lead to a denial of service (CVE-2024-30105).
Summary A vulnerability in Microsoft .NET affects IBM Robotic Process Automation and may lead to a denial of service. Microsoft .NET is used as the development framework for IBM Robotic Process Automation. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabili...
CVE-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
CVE-2024-22315
IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 are vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...
CVE-2025-23656
CVE-2025-23656 describes a Missing Authorization vulnerability in the WordPress plugin Donate visa (Saul Morales Pacheco) that allows Stored Cross-Site Scripting (XSS) in versions n/a through 1.0.0. The vulnerability arises from missing authorization controls, enabling an attacker to inject and p...
PT-2025-1442 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1 Description: The issue is related to deficiencies in the error reporting mechanism of IBM Cloud Pak System, which could allow a remote attacker to gain unauthorized access to protect...
PT-2025-1444 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.6 through 2.3.4.0 Description: The issue is related to shortcomings in the error reporting mechanism of IBM Cloud Pak System, which could allow a remote attacker to gain unauthorized access to protected...
PT-2025-1439 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.6 through 2.3.4.0 Description: The issue is related to incorrect restriction of a directory path name with limited access. Exploitation of this issue may allow a remote attacker to disclose protected...
CVE-2025-23838 WordPress Bauernregeln Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through = 1.0.1...
PT-2025-5396 · Unknown · Rstheme Ultimate Coming Soon & Maintenance
Name of the Vulnerable Software and Affected Versions: RSTheme Ultimate Coming Soon & Maintenance versions 1.0.0 through 1.0.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. Recommendations: For versions 1.0.0 through 1.0.9,...
CVE-2025-23636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS. This issue affects My Favorite Car: from n/a through = 1.0...
CVE-2023-50309
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted...