Lucene search

128 matches found

CNNVD
added 2026/04/08 12:00 a.m. | 2 views

IBM multiple products security vulnerability

IBM Verify Identity Access Container is a product of the American multinational company International Business Machines (IBM). IBM Verify Identity Access Container is containerized software that provides identity authentication and authorization capabilities for applications. IBM Security Verify...

CVSS 9.3 | AI score 7.3 | EPSS 0.00007
Exploits: 0 | References: 1
EUVD
added 2026/04/06 2:36 p.m. | 2 views

EUVD-2026-19248

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | AI score 5.9 | EPSS 0.00041
Exploits: 0 | References: 1
NVD
added 2026/01/22 5:16 p.m. | 1 view

CVE-2025-68906

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS. This issue affects JNews - Video: from n/a through <= 11.0.2...

CVSS 7.1 | EPSS 0.00064
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/22 4:52 p.m. | 2 views

CVE-2025-68906

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS. This issue affects JNews - Video: from n/a through <= 11.0.2...

CVSS 7.1 | AI score 5.3 | EPSS 0.00064
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/15 4:25 p.m. | 1 view

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/01/15 4:25 p.m. | 10 views

CVE-2025-66417

GLPI (from version 11.0.0 up to, but not including, 11.0.3) is affected by an unauthenticated SQL injection via the inventory endpoint. The root cause is improper handling of input in the inventory API, enabling arbitrary SQL execution. The issue is fixed in version 11.0.3. The vulnerability is d...

CVSS 9.8 | AI score 7.6 | EPSS 0.00052
Exploits: 1 | References: 1 | Affected Software: 1
Github Security Blog
added 2025/11/27 6:30 p.m. | 6 views

Mattermost fails to sanitize team email addresses

Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

CVSS 4.3 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 9 | Affected Software: 2
CNNVD
added 2025/11/27 12:00 a.m. | 4 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from insufficient validation of code exchange tokens, which could lead to account takeover. The following versions are affected: version 11.0.2...

CVSS 9.9 | AI score 6.6 | EPSS 0.00086
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-24506

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-24509

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-24512

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-52342

Malicious code in bioql PyPI...

CVSS 8 | AI score 8.9 | EPSS 0.0048
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-24513

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-24505

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-8323

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 9 | EPSS 0.00782
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-24510

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-24507

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.4 | EPSS 0.00042
Exploits: 0 | References: 1
Cvelist
added 2025/09/27 12:22 a.m. | 5 views

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVSS 9.4 | EPSS 0.00063
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/27 12:22 a.m. | 1 view

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss (issuer) claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVSS 9.4 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 2
CVE
added 2025/09/27 12:22 a.m. | 21 views

CVE-2025-59936

The CVE-2025-59936 issue affects get-jwks prior to 11.0.2, where a design flaw allows cache poisoning of the JWKS cache to bypass issuer validation. If iss is validated after keys are retrieved from the cache, an attacker can craft JWTs to place a chosen public key in the shared cache and then re...

CVSS 9.4 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 2