134 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Hibernate library
Summary Due to use of the Hibernate library, DevOps Test Performance and Rational Performance Tester contain a potential SQL injection vulnerability. CVE-2026-0603 Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.1.14 (RHSA-2026:6012)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6012 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection
Summary IBM webMethods BPM tool is dependent on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:4915)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4915 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
africa.absa:inception-test (>=1.0.0 <=1.2.0), ai.dstack:server-base-local (>=0.0.12 <=0.1.15) +5233 more potentially affected by CVE-2026-0603 via org.hibernate:hibernate-core (>=5.2.8.Final <=5.6.14.Final)
org.hibernate:hibernate-core MAVEN version =5.2.8.Final, =1.0.0, =0.0.12, =0.5.0, =0.5.0, =0.1.0, =0.1.3-20210127.1838-76ab4fc, =0.1.3-20210127.1838-76ab4fc, =0.1.0, =2023.06.07.114626-93b9d6f, =0.1.0, =0.1.4-20220614.0152-5ae0eef, =1.1.0, =0.7, =0.9 and more Source cves: CVE-2026-0603 Source...
CVE-2026-0603
creationtimestamp | type | source
---|---|---
2026-01-23 08:41:47+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3md3cke767t2r
2026-01-23 10:12:32+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3md3hmmsutm2g
2026-04-27 02:00:04+00:00 | seen | ...
CVE-2021-0603
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2025-0603 SQLi in Callvision Healthcare's Callvision Emergency Code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...
CVE-2025-0603
The CVE-2025-0603 issue is an SQL injection vulnerability in Callvision Healthcare’s Callvision Emergency Code, caused by improper neutralization of special elements in SQL commands. Affects Callvision Emergency Code versions before V3.0. Impact is high across confidentiality, integrity, and avai...
Photon OS 3.0: Cmake PHSA-2023-3.0-0603
An update of the cmake package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0603. The text itself is copyright (C) VMware, Inc. ...
Photon OS 3.0: Calico PHSA-2023-3.0-0603
An update of the calico package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0603. The text itself is copyright (C) VMware, Inc. ...
Photon OS 3.0: Bindutils PHSA-2023-3.0-0603
An update of the bindutils package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0603. The text itself is copyright (C) VMware, Inc. ...
Photon OS 3.0: Go PHSA-2023-3.0-0603
An update of the go package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0603. The text itself is copyright (C) VMware, Inc. ...
CVE-2024-40907 ionic: fix kernel panic in XDP_TX action
In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and corresponding dma address. After tx is done, ionic_tx_clean frees that page. But RX ring buffer isn't reset to...
CVE-2024-0603
creationtimestamp | type | source
---|---|---
2024-02-06 09:41:25+00:00 | seen | https://t.me/ctinow/179854...
AlmaLinux 9 : firefox (ALSA-2024:0603)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0603 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...
Oracle Linux 9 : firefox (ELSA-2024-0603)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0603 advisory. 115.7.0.1.0.1 - Update to 115.7.0 build 1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
MAL-2024-227 Malicious code in wlwz-2312-0603 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cdb923287ce77e018fa76c2298661bcfdcf25cb55c26fdbe10cb6b938f32c81e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-0603 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cdb923287ce77e018fa76c2298661bcfdcf25cb55c26fdbe10cb6b938f32c81e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-0603 ZhiCms giftcontroller.php deserialization
A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...