Lucene search
K

67 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 1:26 p.m.11 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...

9.6CVSS5.8AI score0.66535EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/13 4:55 p.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...

9.4CVSS7.7AI score0.00986EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 7:8 p.m.7 views

Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)

Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

9.4CVSS5.5AI score0.00277EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 1:24 p.m.8 views

Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerability include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...

9.4CVSS6.8AI score0.00277EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2025/11/18 6:32 p.m.9 views

au.net.causal.shoelaces:shoelaces-jersey (=3.0), au.net.causal.shoelaces:shoelaces-jersey-client (=3.0) +521 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.1.0-M1 <=3.1.1)

org.glassfish.jersey.core:jersey-client MAVEN version =3.1.0-M1, =22.12.0, =22.11.0, =22.9.0, =22.7.0, =22.10.0, =22.11.0, =22.12.0, =22.7.0, =1.0.0.1, =4.0.3, =4.0.3, =4.0.0, =5.4.0 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...

9.4CVSS7.3AI score0.00277EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/18 6:32 p.m.9 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +331 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)

org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark4.02.13 =1.2.10 - com.amazon.deequ:deequ...

9.4CVSS7.3AI score0.00277EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/18 6:32 p.m.7 views

com.axonivy.ivy.webtest:web-tester (>=12.0.1 <=13.1.0), com.exasol:extension-manager-client-java (>=0.5.13 <=0.5.16) +390 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=2.45)

org.glassfish.jersey.core:jersey-client MAVEN version =2.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - com.axonivy.ivy.webtest:web-tester =12.0.1, =0.5.13, =0.5.13, =1.6.0, =2.2.19,...

9.4CVSS7.3AI score0.00277EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/18 6:32 p.m.8 views

ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +11524 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=2.0 <=2.45)

org.glassfish.jersey.core:jersey-client MAVEN version =2.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...

9.4CVSS7.3AI score0.00277EPSS
Exploits0
Circl
Circl
added 2025/05/07 3:48 p.m.5 views

CVE-2025-12383

creationtimestamp| type| source ---|---|--- 2025-05-07 15:48:27+00:00| seen| https://t.me/NinjaSec/300 2025-11-18 16:14:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5w53w67l62u 2026-01-16 15:45:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mckgwvnwux2z...

9.4CVSS7.8AI score0.00277EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2019-12383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, ev...

4.3CVSS5.1AI score0.02164EPSS
Exploits0References2
NVD
NVD
added 2025/01/07 6:15 a.m.12 views

CVE-2024-12383

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...

6.1CVSS0.00189EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/07 5:23 a.m.20 views

CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...

6.1CVSS0.00189EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/07 5:23 a.m.3 views

CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...

6.1CVSS7.3AI score0.00189EPSS
Exploits0References5
CVE
CVE
added 2025/01/07 5:23 a.m.47 views

CVE-2024-12383

CVE-2024-12383 refers to the Binary MLM Woocommerce WordPress plugin vulnerability. The Wordfence entry confirms a Cross‑Site Request Forgery to Stored Cross‑Site Scripting (CSRF to XSS) flaw in all versions up to 2.0, caused by missing or incorrect nonce validation in the bmw_display_pv_set_page...

6.1CVSS6AI score0.00189EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.14 views

RHEL 8 : thunderbird (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords...

9.8CVSS8.1AI score0.00738EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.32 views

Oracle Linux 6 : thunderbird (ELSA-2018-3403)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-3403 advisory. 60.2.1-5.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.2.1-5 - Fixing minor issues 60.2.1-3 - Revertin...

9.8CVSS7.5AI score0.03662EPSS
Exploits5References8
OpenVAS
OpenVAS
added 2021/11/08 12:0 a.m.32 views

Mozilla Firefox Security Advisory (MFSA2018-20) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

9.8CVSS7.5AI score0.03662EPSS
Exploits5References10
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2018:3476-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.7AI score0.13417EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2018:3591-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.1AI score0.13417EPSS
Exploits8References30
RedhatCVE
RedhatCVE
added 2020/04/08 8:59 p.m.30 views

CVE-2018-12383

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is...

5.5CVSS1.5AI score0.0046EPSS
Exploits1References2
Rows per page
Query Builder