12 matches found
CVE-2026-37713
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...
CVE-2026-35446
LORIS (Longitudinal Online Research and Imaging System) contains a path traversal vulnerability in the FilesDownloadHandler. From 24.0.0 up to but not including 27.0.3 and 28.0.1, an incorrect order of operations could allow an attacker to escape the intended download directories. The issue is fi...
LORIS Neuroimaging Platform 安全漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 24.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from incorrect operation sequences in the FilesDownloadHandler...
EUVD-2025-37490
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls...
CVE-2025-36092 IBM Business Automation Insights improper input validation
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...
IBM Cloud Pak for Business Automation 安全漏洞
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +8 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=24.0.0 <=24.0.5)
org.keycloak:keycloak-model-storage-services MAVEN version =24.0.0, =2.5.6-24.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.0, =24.0.5 Source cves: CVE-2025-9162 Source advisory: OSV:GHSA-8HXP-QMPH-W5GQ...
IBM Cloud Pak for Business Automation 跨站脚本漏洞
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. A cross-site scripting vulnerability exists in IBM Cloud Pak for Business...
PT-2024-25945 · Syracuse · Avantra Server
Name of the Vulnerable Software and Affected Versions: Avantra Server versions 24.0.0 through 24.0.6 Avantra Server versions 24.1.0 through 24.1.0 Description: The issue concerns the mishandling of dashboard security. If a user can create a dashboard with an auto-login user, data disclosure may...
SUSE CVE-2023-32319
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...