788 matches found
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. id: CVE-2021-42063 info: name: SAP Knowledge Warehouse =7.5.1 to mitigate the XSS vulnerability. reference: -...
CVE-2026-56642
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network...
CVE-2026-56642 Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability
...
CVE-2026-56642
CVE-2026-56642 affects Microsoft Fabric Data Warehouse. The vulnerability is a stack-based buffer overflow in the Data Warehouse component that could allow an authenticated, network-attacking adversary to execute arbitrary code. The CVSS–3.1 vector indicates attack vector: network; attack complex...
Microsoft Fabric Data Warehouse Remote Code Execution Vulnerability
Stack-based buffer overflow in Microsoft Fabric Data Warehouse allows an authorized attacker to execute code over a network...
KLA91151 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation...
CVE-2023-33854
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...
CVE-2023-33854 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man in the middle techniques...
CVE-2025-2669 Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
CVE-2025-2669
CVE-2025-2669 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions 4.8, 5.0, 5.1, 5.2, 5.3). The root cause is improper token validation, enabling a privileged user to perform operations and access sensitive information outside their authority. The available sou...
CVE-2024-54178
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8,5.0,5.1,5.2,5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
EUVD-2026-34988
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
JeeWMS 安全漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is a security vulnerability in JeeWMS. This vulnerability stems from incorrect operations with parameters such as dbType/dbDriver/dbUrl/dbUsername/dbPassword in the JimuReport test-connection Endpoi...
CVE-2026-27681
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
EUVD-2026-32630
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...
CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting XSS vulnerability exists in the product search modal of sales Core/Lib/AjaxForms/SalesModalHTML.php and purchases documents Core/Lib/AjaxForms/PurchasesModalHTML.php. An...