8 matches found
CVE-2026-46398
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...
HAXCMS 安全漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...
CVE-2026-34945
Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the...
EUVD-2026-10497
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
EUVD-2025-37490
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls...
CVE-2025-36092 IBM Business Automation Insights improper input validation
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...
IBM Cloud Pak for Business Automation 安全漏洞
IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. A...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=3.0.1-25.0 <=4.0.5-25.0), org.keycloak:keycloak-guides (>=25.0.0 <=26.0.5) +6 more potentially affected by CVE-2024-9666 via org.keycloak:keycloak-quarkus-server (>=25.0.0 <=26.0.5)
org.keycloak:keycloak-quarkus-server MAVEN version =25.0.0, =3.0.1-25.0, =25.0.0, =25.0.0, =25.0.0, =26.0.0, =25.0.0, =25.0.0, =26.0.0, =26.0.5 Source cves: CVE-2024-9666 Source advisory: OSV:GHSA-JGWC-JH89-RPGQ...