BIT-JRE-2020-2781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

BIT-JRE-2020-2773

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

PT-2026-38717

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

PT-2026-38725

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

PT-2026-37696

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

PT-2026-37694

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2026-29047

CVE-2026-29047 affects GLPI; from 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This is fixed in 10.0.24 and 11.0.6. Impact includes potential confidentiality, integrity, and availability risks. Remediation: upgrade to GLPI 10....

CVE-2026-22704

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVE-2026-22704

HAX CMS (HAX) has a stored XSS vulnerability affecting versions 11.0.6 up to, but not including, 25.0.0. The issue can lead to account takeover by injecting malicious HTML/JavaScript via uploaded content, with the Red Hat/ENISAOSV/NVD entries and Snyk advisory corroborating the stored XSS path an...

PT-2026-2254

Name of the Vulnerable Software and Affected Versions HAX CMS versions 11.0.6 through 24.x HAX CMS versions prior to 25.0.0 Description HAX CMS, which manages microsite universes with PHP or NodeJs backends, is subject to a stored cross-site scripting XSS issue. This flaw potentially allows for...

EUVD-2023-54341

Malicious code in bioql PyPI...

EUVD-2023-27818

Malicious code in bioql PyPI...

CVE-2023-41239

Server-Side Request Forgery SSRF vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...

PT-2023-29311 · Johnson Controls · Metasys +1

Name of the Vulnerable Software and Affected Versions: Johnson Controls Metasys NAE55, SNE, and SNC engines versions prior to 11.0.6 and 12.0.4 Facility Explorer F4-SNC engines versions prior to 11.0.6 and 12.0.4 Description: Under certain circumstances, invalid authentication credentials could b...