15 matches found
Exploit for SQL Injection in Devcode Openstamanager
CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerabili...
PT-2026-6849
Summary Critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error messages by injecting...
PT-2026-6851
Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...
EUVD-2020-27247
Malware in sbrugna...
CVE-2020-6093
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file...
Security Bulletin: IBM Planning Analytics Cartridge has addressed security vulnerabilities
Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Planning Analytics Cartridge. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of third-par...
Task Using Wasabi S3 Fails With "XML error: [Error document empty.]. Error code: [13]."
Due to an issue within Wasabi's infrastructure, the XML content provided to Veeam is unexpectedly blank...
Rocky Linux and virt-devel:Rocky Linux bug fix update
An update is available for sgabios, module.hivex, module.libvirt, module.virt-v2v, hivex, perl-Sys-Virt, module.libguestfs, module.nbdkit, netcf, swtpm, module.qemu-kvm, module.seabios, module.libvirt-python, virt-v2v, libtpms, module.supermin, libvirt-dbus, qemu-kvm, supermin, module.libvirt-dbu...
CVE-2020-6093
An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file...
CVE-2020-6093
Nitro Pro 13.9.1.155 suffers an information-disclosure vulnerability in its XML error handling during PDF processing. A crafted PDF can trigger uninitialized memory access via NitroPDF’s JavaScript error handling pathway (SpiderMonkey integration), exposing sensitive heap data. Public writeups (T...
Nitro Pro PDF Javascript XML error handling Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a...
SUSE-SU-2017:1387-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: Version update to 7.1-4.5 bsc1038505 - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number -...
SUSE-SU-2017:1386-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: Version update bsc1038505: - CVE-2016-9840: zlib: Out-of-bounds pointer arithmetic in inftrees.c - CVE-2016-9841: zlib: Out-of-bounds pointer arithmetic in inffast.c - CVE-2016-9842: zlib: Undefined left shift of negative number -...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a REST resource to look up "non-system" users which takes in a username. If the supplied username is not found, it is included in an XML error message without being XML-encoded and is thus an XSS vector. That is, and other such XML special characters are not...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a REST resource to look up "non-system" users which takes in a username. If the supplied username is not found, it is included in an XML error message without being XML-encoded and is thus an XSS vector. That is, and other such XML special characters are not...