Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.15.0 shipped with IBM Cloud Pak for Business Automation iFixes for December 2025.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation December 2025 security fixes update this dependency beyond 4.15.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2016-10540 DESCRIPTION: Minimatc...

CVE-2024-10540

creationtimestamp| type| source ---|---|--- 2024-11-02 03:53:51+00:00| seen| https://t.me/cvedetector/9637...

CVE-2024-10540

CVE-2024-10540 affects the BookingPress plugin for WordPress (BookingPress/Appointment Booking Calendar) up to version 1.1.16. The vulnerability is a SQL Injection via the service parameter of the bookingpress_form shortcode caused by insufficient escaping and unsafe SQL query construction. Authe...

CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...

CVE-2024-10540 Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.16 - Authenticated (Subscriber+) SQL Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'service' parameter of the bookingpressform shortcode in all versions up to, and including, 1.1.16 due to insufficient escaping on the user supplied parameter a...

Ubuntu 16.04 ESM : minimatch vulnerability (USN-4783-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4783-1 advisory. It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of...

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

SUSE CVE-2016-1000023

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

Mageia: Security Advisory (MGASA-2019-0045)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0186-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-10540

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules...

CVE-2020-10540

CVE-2020-10540 affects Untis WebUntis prior to version 2020.9.6 and is characterized by a CSRF vulnerability for certain combinations of rights and modules. The NVD records a CVSS v3.1 base score of 8.8 (HIGH) with NETWORK attack vector, LOW complexity, no privileges required, and user interactio...

CVE-2020-10540

Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules...

Fedora 30 : mingw-wavpack (2020-73274c9df4)

Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

Fedora 31 : mingw-wavpack (2020-e55567b6be)

Security fixes for: CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539 CVE-2018-10540 CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010319 CVE-2019-1010317 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

Slackware 14.0 / 14.1 / 14.2 / current : wavpack (SSA:2019-353-01)

New wavpack packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-353-01. The text itself is copyright C Slackware...

CVE-2019-10540

CVE-2019-10540 is a buffer overflow in the WLAN firmware (Qualcomm/QualPwn context) affecting multiple Snapdragon platforms, where a missing bounds check on the NAN availability attribute count enables overrun in the WLAN/NAN path. Affected hardware includes IPQ8074, MSM8996AU, QCA6174A, QCA6574A...

CVE-2019-10540

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs

UPDATE Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction...

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities...