555 matches found
EUVD-2026-41279
Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...
CVE-2026-11594
CVE-2026-11594 affects IBM WebSphere Application Server components (8.5 and 9.0; with related advisories also mentioning 9.1) where the administrative console is vulnerable to cross-site scripting. The core issue is XSS in the administrative console login/page rendering. Public bulletins from IBM...
CVE-2026-12084
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 XSS (7277546)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7277546 advisory. - IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console login page. CWE: CWE-79: Improp...
CVE-2025-62180 Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...
CVE-2026-9006
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
CVE-2026-35274
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
CVE-2026-35279
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Performance Monitor. Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
Security Bulletin: IBM WebSphere Application Server is affected by an authentication bypass vulnerability (CVE-2026-10845)
Summary IBM WebSphere Application Server is affected by a an authentication bypass when a JAX-WS application is deployed. Vulnerability Details CVEID:CVE-2026-10845 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to bypass authentication and gain unauthorized access to...
GHSA-7Q4V-2MR6-5GPX Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability
Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...
CVE-2026-48883
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-48518
Affected software: MultiJuicer (versions 8.0.0–10.0.0) running on a central Kubernetes deployment. Vulnerability: CSRF in the team join endpoint (POST /multi-juicer/api/teams/{team}/join) that accepts any Content-Type, bypassing CORS preflight and enabling a cross-site form to force a victim to j...
Progress Sitefinity 安全漏洞
Progress Sitefinity is an open-source platform developed by the American company Progress, used for building corporate websites and internal networks. Versions of Progress Sitefinity from 8.0.5700 to 13.3.7652 have security vulnerabilities. These vulnerabilities stem from insufficient credential...
CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...
CVE-2026-9311 IBM WebSphere Application Server is affected by remote code execution
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...
EUVD-2026-33735
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...
CVE-2018-25392 MaxOn ERP Software 8.x-9.x SQL Injection via nomor Parameter
MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2026-8834, CVE-2026-8852, CVE-2026-8856, CVE-2026-8850, CVE-2026-8854, CVE-2026-8855, CVE-2026-8835,...
Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...
CVE-2026-2253
Hitachi Vantara Pentaho Data Integration & Analytics is affected by an XXE issue in XML parsing. Versions before 10.2.0.7 and 11.0.0.0 (including 9.3.x and 8.3.x) do not sufficiently restrict external entities, enabling potential confidentiality impact. CVSSv3.1 base score 7.7 (HIGH) with NETWORK...