939 matches found
EUVD-2025-209934
IBM webMethods Integration on prem - Integration Server 10.15 through IS10.15CoreFix2611.1 to IS11.1CoreFix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS Software allows an...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS software allo...
OPENSUSE-SU-2026:10740-1 busybox-1.37.0-11.1 on GA media
These are all security issues fixed in the busybox-1.37.0-11.1 package on the GA media of openSUSE Tumbleweed...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2024-29371). IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-29371 DESCRIPTION: In jose4j before...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).
Summary: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371). IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details: CVEID: CVE-2024-29371 DESCRIPTION: In...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java
Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...
Security Bulletin: Due to the use of JetBrains Kotlin, IBM webMethods BPM is vulnerable to the use of Java API for temporary file and folder creation
Summary IBM webMethods BPM uses JetBrains Kotlin which is vulnerable to the use of Java API for temporary file and folder creation. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An...
CVE-2025-13821
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID:...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips
Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kotlin-stdlib
Summary IBM webMethods BPM uses kotlin-stdlib in all Kotlin-based modules to provide core Kotlin language support and runtime utilities. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation...
EUVD-2026-6102
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...
CVE-2026-0998 Mattermost Zoom Plugin allows unauthorized meeting creation and post modification via insufficient API access controls
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 and Mattermost Plugin Zoom versions <=1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...
Mattermost Security Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.1.2 and earlier 11.1.x series as well as 10.11.9 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from improper authentication of...
CVE-2025-14150
IBM webMethods Integration on prem - Integration Server 10.15 through IS10.15CoreFix2411.1 to IS11.1CoreFix8 IBM webMethods Integration could disclose sensitive user information in server responses...
Security Bulletin: IBM webMethods Integration Server is affected by CVE-2025-14150
Summary IBM webMethods Integration server could disclose sensitive user information in server responses. CVE-2025-14150 Vulnerability Details CVEID:CVE-2025-14150 DESCRIPTION: IBM webMethods Integration could disclose sensitive user information in server responses. CWE:CWE-497: Exposure of...
CVE-2020-36932
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...