162 matches found
Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)
Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...
CVE-2026-1333
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-16 22:35:19+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mez4cwdevv25 |
| 2026-02-17 01:30:31+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116083381352983641 |
| 2026-02-19 05:00:00+00:00 | seen | ... |
MiracleLinux 7 : kernel-3.10.0-229.14.1.el7 (AXSA:2015-504:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-504:03 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1333)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1333 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...
CVE-2025-1333
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information t...
EUVD-2026-1333
The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handlequeryargs function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2011-1333
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."...
CVE-2025-1333
| creationtimestamp | type | source |
|---|---|---|
| 2025-05-01 22:21:33+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/14406 |
| 2025-05-02 03:23:48+00:00 | seen | https://t.me/cvedetector/24300 |
...
CVE-2025-1333
CVE-2025-1333 affects IBM MQ Container when used with the IBM MQ Operator (LTS 2.0.0–2.0.29; CD 3.0.0–3.1.3, 3.3.0–3.4.1, 3.5.0–3.5.1; SC2 3.2.0–3.2.10) and configured with Cloud Pak for Integration Keycloak, enabling disclosure of sensitive information to a privileged user. Red Hat and IBM sourc...
CVE-2025-1333 IBM MQ Operator information disclosure
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information t...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType
Summary libxml2, Go JOSE, FreeType and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to memory exhaustion and a Denial of Service by sending numerous malformed tokens, and arbitrary code execution by writing up to 6 signed long integers out of bounds. This...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-45296)
Summary pillarjs Path-to-RegExp is used by IBM DataPower Gateway as part of the DataPower UI (CVE-2024-45296). Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending...
Security Bulletin: IBM Security SOAR is vulnerable to client-side vulnerability (CVE-2024-45801)
Summary IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side arbitrary code execution CVE-2024-45801. The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later. Vulnerability Details...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296).
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to pillarjs Path-to-RegExp (CVE-2024-45296). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)
Summary IBM Sterling Connect:Direct Web Services uses DOMPurify, which could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in path-to-regexp-0.1.7.tgz
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...