XSS / SSRF hacks in SuiteCRM

Overview : SuiteCRM Lists Latest Updates of XSS / SSRF Vulnerabilities Affected Product(s) : SuiteCRM 7.11.x and 7.10.x before 7.11.8

Overview : The security vulnerabilities detected in JetBrains products as follows Affected Product(s) : JetBrains YouTrack versions before 2019.1.52584. JetBrains

Overview : NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a

Overview : Multiple vulnerabilities in IBM WebSphere eXtreme Scale Client could expose sensitive information. Affected Product(s) : WebSphere eXtreme Scale

Overview : Integrated Data Protection Appliance 2.3 contains fixes for multiple security vulnerabilities that may potentially be exploited by malicious

Overview : Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer

Overview : NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files

Overview : Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction of excessive authentication attempts vulnerability. An unauthenticated

Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the

Overview : A vulnerability was found in the clustering code that caused a memory leak. This could be exploited by

Overview : Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability  CWE-399/ CVE-2019-12646 A

Overview : Stored XSS vulnerability in expandable textbox form control SECURITY-1498 / CVE-2019-10401 Jenkins form controls include an expandable textbox

Overview : IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentials in plain in clear text which can

Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

Overview : vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Affected

Overview : A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX

Overview : On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability

Overview : Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable

Overview : DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH

Overview : F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system configuration to be modified when

Overview : Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local