77 matches found
CVE-2026-42309
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...
Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.2.1 / 11.3.0 (JSDSERVER-16462)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16462 advisory. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an...
OpenProject Information Disclosure Vulnerability
OpenProject is open-source, web-based project management software. An information disclosure vulnerability exists in OpenProject versions 11.2.1 up to but not including 16.6.2; it originates from an error page that discloses username information and could lead to account enumeration...
RCE (Remote Code Execution) in Jira Software Data Center and Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 11.2.0 of Jira Software Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated...
DoS (Denial of Service) org.apache.struts:struts-core Dependency in Jira Software Data Center and Server
This High severity DoS (Denial of Service) vulnerability known as CVE-2016-1182 was introduced in 11.2.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H allows an unauthenticated attacker to take...
XXE (XML External Entity Injection) Tika Dependency in Jira Service Management Data Center and Server
This Jira Service Management release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path...
DoS (Denial of Service) axios Dependency in Jira Software Data Center and Server
This High severity DoS (Denial of Service) vulnerability known as CVE-2025-58754 was introduced in 10.3.0, and 11.0.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...
RCE (Remote Code Execution) in Jira Service Management Data Center and Server
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 11.2.0 of Jira Service Management Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an...
DoS (Denial of Service) org.apache.struts:struts-core Dependency in Jira Service Management Data Center and Server
This High severity DoS (Denial of Service) vulnerability known as CVE-2016-1182 was introduced in 11.2.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H allows an unauthenticated attacke...
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server
This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 11.2.0 of Jira Service Management Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
EUVD-2023-28109
Malicious code in bioql PyPI...
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A security...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go
Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...
CVE-2023-24045
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request...
IBM Cognos Analytics Sensitive Information Disclosure Vulnerability (CNVD-2022-91131)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A sensitive information...
IBM Cognos Analytics Server-Side Request Forgery Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A server-side request forgery...
CVE-2022-38708 IBM Cognos Analytics server-side request forgery
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180...
IBM Cognos Analytics Cross-Site Scripting Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
IBM Cognos Analytics Code Issue Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A server-side request forgery...