
199 matches found

EUVD
added 2026/05/27 12:56 p.m. | 3 views

EUVD-2026-32423

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 8.8 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 1

Vulnrichment
added 2026/05/27 12:56 p.m. | 3 views

CVE-2026-5065 IBM Controller is affected by vulnerabilities

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

CVSS 8.8 | AI score 5.8 | EPSS 0.00038
Exploits 0 | References 1

EUVD
added 2026/04/06 2:36 p.m. | 2 views

EUVD-2026-19248

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | AI score 5.9 | EPSS 0.00041
Exploits 0 | References 1

ATTACKERKB
added 2026/01/28 8:3 p.m. | 1 view

CVE-2025-14840

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

AI score 5.9 | EPSS 0.00082
Exploits 0 | References 2 | Affected Software 1

OSV
added 2025/12/08 10:15 p.m. | 1 view

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1

NVD
added 2025/11/10 10:15 p.m. | 2 views

CVE-2025-64518

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS 7.5 | EPSS 0.00051
Exploits 0 | References 5

Cvelist
added 2025/11/10 10:8 p.m. | 5 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS 7.5 | EPSS 0.00051
Exploits 0 | References 5

Vulnrichment
added 2025/11/10 10:8 p.m. | 2 views

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

CVSS 7.5 | AI score 7.4 | EPSS 0.00051
Exploits 0 | References 5

OSV
added 2025/11/10 9:4 p.m. | 1 view

GHSA-6FHJ-VR9J-G45R CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact: The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches: The...

CVSS 7.5 | AI score 5.7 | EPSS 0.00051
Exploits 0 | References 7

Github Security Blog
added 2025/11/10 9:4 p.m. | 10 views

CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

Impact: The XML Validator used by cyclonedx-core-java was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. The fix for GHSA-683x-4444-jxh8 / CVE-2024-38374 has been incomplete in that it only fixed parsing of XML BOMs, but not validation. Patches: The...

CVSS 7.5 | AI score 7.4 | EPSS 0.00051
Exploits 0 | References 7 | Affected Software 1

CNNVD
added 2025/11/10 12:0 a.m. | 2 views

CycloneDX Core code issue vulnerability

CycloneDX Core is a CycloneDX BOM Standard open source aid for creating SBOM applications. A code issue vulnerability exists in CycloneDX Core versions prior to 11.0.1 that stems from an unsecured configuration of the XML Validator, which could lead to an XML external entity injection attack...

CVSS 7.5 | AI score 6.9 | EPSS 0.00051
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-2470

Malware in sbrugna...

CVSS 6.5 | AI score 6.8 | EPSS 0.00651
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-25006

Malware in sbrugna...

CVSS 9.1 | AI score 8.7 | EPSS 0.00023
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-27838

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00156
Exploits 0 | References 1

Snyk
added 2025/09/09 9:30 p.m. | 1 view

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times. Remediation: Upgrade com.liferay:com.liferay.portal.workflow.api to version 11.0.1 or higher...

CVSS 6.9 | AI score 6.6 | EPSS 0.00056
Exploits 0 | References 2

Cvelist
added 2025/08/11 7:52 a.m. | 4 views

CVE-2025-8661 Stored Cross-Site Scripting in Symantec PGP Encryption 11.0.1

A stored Cross-Site Scripting (XSS) vulnerability occurs when the server does not properly validate or encode the data entered by the user...

CVSS 4.6 | EPSS 0.00042
Exploits 0 | References 1

Cvelist
added 2025/08/11 7:18 a.m. | 6 views

CVE-2025-8660 Privilege Escalation in Symantec PGP Encryption 11.0.1

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...

CVSS 5.6 | EPSS 0.00066
Exploits 0 | References 1

Vulnrichment
added 2025/08/11 7:18 a.m. | 3 views

CVE-2025-8660 Privilege Escalation in Symantec PGP Encryption 11.0.1

Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...

CVSS 5.6 | AI score 7.4 | EPSS 0.00066
Exploits 0 | References 1

Atlassian
added 2025/08/07 7:9 a.m. | 13 views

DoS (Denial of Service) Third-Party Dependency in Jira Software Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 9.12.0, 10.3.0, and 10.7.1 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

CVSS 7.5 | AI score 6.8 | EPSS 0.00683
Exploits 0

OSV
added 2025/06/10 5:23 p.m. | 1 view

CVE-2025-47108

Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3 | EPSS 0.00115
Exploits 0 | References 1