Export limit exceeded: 45980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11884 | 1 Opentext | 1 Ucmdb | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4. | ||||
| CVE-2019-17082 | 1 Opentext | 1 Accurev For Ldap Integration | 2026-04-15 | N/A |
| Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1. | ||||
| CVE-2024-1811 | 1 Opentext | 1 Arcsight Platform | 2026-04-15 | 9.8 Critical |
| A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited. | ||||
| CVE-2023-32266 | 1 Opentext | 1 Alm Quality Center | 2026-04-15 | N/A |
| Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1. | ||||
| CVE-2025-15579 | 1 Opentext | 1 Directory Services | 2026-04-15 | N/A |
| Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2. | ||||
| CVE-2025-8716 | 1 Opentext | 1 Content Management | 2026-04-15 | N/A |
| In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known. | ||||
| CVE-2024-1148 | 1 Opentext | 1 Pvcs Version Manager | 2026-04-15 | 9.8 Critical |
| Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files. | ||||
| CVE-2025-3478 | 1 Opentext | 1 Enterprise Security Manager | 2026-04-15 | N/A |
| A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | ||||
| CVE-2025-5808 | 1 Opentext | 1 Self Service Password Reset | 2026-04-15 | N/A |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3. | ||||
| CVE-2026-2123 | 3 Microfocus, Microsoft, Opentext | 3 Operations Agent, Windows, Operations Agent | 2026-04-07 | 7.8 High |
| A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability | ||||
| CVE-2001-0631 | 1 Opentext | 1 Firstclass | 2026-04-06 | N/A |
| Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. | ||||
| CVE-2024-11604 | 1 Opentext | 1 Idm Driver And Extensions | 2026-03-30 | N/A |
| Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000. | ||||
| CVE-2025-13478 | 1 Opentext | 1 Identity Manager | 2026-03-30 | N/A |
| Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1). | ||||
| CVE-2026-3278 | 1 Opentext | 1 Zenworks Service Desk | 2026-03-24 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3. | ||||
| CVE-2007-2976 | 1 Opentext | 2 Firstclass, Server And Internet Services | 2026-03-23 | N/A |
| Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2025-13671 | 1 Opentext | 1 Web Site Management Server | 2026-02-27 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | ||||
| CVE-2025-13672 | 1 Opentext | 1 Web Site Management Server | 2026-02-27 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | ||||
| CVE-2025-8054 | 1 Opentext | 1 Xm Fax | 2026-02-27 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2. | ||||
| CVE-2025-8055 | 1 Opentext | 1 Xm Fax | 2026-02-27 | 5.3 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2. | ||||
| CVE-2025-9208 | 1 Opentext | 1 Web Site Management Server | 2026-02-27 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1. | ||||