54 matches found

Tenable Nessus
added 2026/04/08 12:0 a.m., 2 views

Atlassian Confluence 9.0.1 < 9.0.2 / 9.2.5 < 9.2.15 / 9.5.1 < 10.2.7 (CONFSERVER-102542)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102542 advisory. - Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a...

CVSS 7.5 | AI score 6.9 | EPSS 0.00025
Exploits: 1 | References: 2

Atlassian
added 2026/03/06 5:29 a.m., 19 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

CVSS 8.2 | AI score 6 | EPSS 0.00027
Exploits: 1

IBM Security Bulletins
added 2026/02/26 3:4 a.m., 6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

CVSS 9.8 | AI score 6.7 | EPSS 0.00107
Exploits: 4 | Affected Software: 1

OSV
added 2025/11/25 5:56 p.m., 1 views

BIT-DRUPAL-2025-13083 Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...

CVSS 3.7 | AI score 6.4 | EPSS 0.00011
Exploits: 0 | References: 2

NVD
added 2025/11/07 7:16 p.m., 1 views

CVE-2025-36006

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial due to the improper release of resources after use...

CVSS 6.5 | EPSS 0.00043
Exploits: 0 | References: 1

Cvelist
added 2025/11/07 6:23 p.m., 7 views

CVE-2024-47118 IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

CVSS 6.5 | EPSS 0.00075
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-2063

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00143
Exploits: 0 | References: 4

Positive Technologies
added 2025/08/21 12:0 a.m., 3 views

PT-2025-34196 · Mattermost · Mattermost Server +1

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions 10.5.0 through 10.5.9 Description: Mattermost Server versions 10.5.x up to and including 10.5.9, when utilizing the Agents plugin, do not reject empty request bodies. This allows users to potentially trick others in...

CVSS 3.5 | AI score 6.3 | EPSS 0.00049
Exploits: 0 | References: 10

RedhatCVE
added 2025/05/23 4:8 a.m., 7 views

CVE-2023-38503

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters i.e. usercreated IS $CURRENTUSER are not properly checked when using GraphQL subscription resulting in unauthorized users getting event o...

CVSS 6.5 | AI score 7.2 | EPSS 0.00143
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:26 p.m., 4 views

CVE-2021-25968

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field...

CVSS 5.4 | AI score 5.4 | EPSS 0.00206
Exploits: 0

IBM Security Bulletins
added 2024/11/04 2:52 p.m., 19 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to RCE vulnerability

Summary IBM DataPower Gateway does not support the affected character-set. Out of an abundance of caution, IBM has applied the remediation for this CVE. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caus...

CVSS 7.3 | AI score 7.8 | EPSS 0.91924
Exploits: 16 | Affected Software: 1

IBM Security Bulletins
added 2024/07/29 9:28 p.m., 28 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to open-vm-tools (CVE-2023-20867)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit a compromised hypervisor to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20867 DESCRIPTION: VMware Tools could allow a local...

CVSS 3.9 | AI score 4.6 | EPSS 0.02946
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2024/05/21 12:0 a.m., 2 views

PT-2024-25682 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions 8.18.5 through 8.18.13 Umbraco versions 10.5.0 through 10.8.5 Umbraco versions 12.0.0 through 12.3.9 Umbraco versions 13.0.0 through 13.3.0 Description: Umbraco is an ASP.NET CMS used by more than 730,000 websites. It has an...

CVSS 6.1 | AI score 7.2 | EPSS 0.00523
Exploits: 0 | References: 15

IBM Security Bulletins
added 2024/04/01 11:40 a.m., 42 views

Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js

Summary NodeJS is used by IBM DataPower Gateway as part of the API-GWY management interface CVE-2024-22019 Vulnerability Details CVEID:CVE-2024-22019 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP request with unbounded chunk extension...

CVSS 7.5 | AI score 6.1 | EPSS 0.0038
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2024/02/07 12:0 a.m., 8 views

CVE-2023-40355

Cross Site Scripting XSS vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions...

AI score 6.1 | EPSS 0.13469
Exploits: 1 | References: 1

IBM Security Bulletins
added 2023/10/13 12:54 p.m., 41 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js

Summary IBM has addressed the following CVEs that could affect the API Gateway Director, and in version 10.5. only the New UI Vulnerability Details CVEID:CVE-2023-30588 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By...

CVSS 7.5 | AI score 7.3 | EPSS 0.01916
Exploits: 2 | Affected Software: 1

CNNVD
added 2023/07/25 12:0 a.m., 1 views

Directus Information Disclosure Vulnerability

Directus is a real-time API and application dashboard. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 10.3.0 through 10.5.0, which stems from improper permission checking of GraphQL subscriptions, resulting in an information...

CVSS 6.5 | AI score 6.4 | EPSS 0.00143
Exploits: 0 | References: 3

Positive Technologies
added 2023/07/25 12:0 a.m., 1 views

PT-2023-26483 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 10.3.0 through 10.4.x Description: The issue concerns the improper checking of permission filters when using GraphQL subscriptions, resulting in unauthorized users receiving events they should not have access to. This affect...

CVSS 6.5 | AI score 7.1 | EPSS 0.00143
Exploits: 0 | References: 9

IBM Security Bulletins
added 2023/07/07 2:23 p.m., 30 views

Security Bulletin: Timing side-channel in IBM DataPower Gateway (CVE-2023-32342)

Summary A timing side-channel is present in IBM GSKit. This potentially affects the following IBM DataPower Gateway services: ISAM/TAM, MQ and JMS Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/07/07 2:2 p.m., 50 views

Security Bulletin: IBM DataPower Gateway affected by multiple issues in JRE

Summary IBM has addressed the following CVEs, which potentially affect JDBC, IMS Callout and JMS components Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

CVSS 7.4 | AI score 6.1 | EPSS 0.02108
Exploits: 1 | Affected Software: 1