ECHO-1615-E37B-A859

Bulletin has no description...

Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)

Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...

openSUSE Security Advisory (SUSE-SU-2026:1008-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : Prometheus (SUSE-SU-2026:1008-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1008-1 advisory. golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: - Internal changes...

CVE-2026-1615

A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the static-eval module for processing user-supplied input leads to unsafe evaluation. Successful...

CVE-2026-1615

creationtimestamp| type| source ---|---|--- 2026-02-09 05:18:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mefp3rgidt2m 2026-02-09 06:00:33+00:00| seen| https://infosec.exchange/users/offseq/statuses/116039144621552776 2026-02-09 06:00:34+00:00| seen|...

CVE-2022-1615 vulnerabilities

Vulnerabilities for packages: samba...

MiracleLinux 9 : samba-4.17.5-102.el9 (AXSA:2023-5551:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5551:07 advisory. samba: GnuTLS gnutlsrnd can fail and give predictable random values CVE-2022-1615 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : evolution-mapi-3.28.3-7.el8, openchange-2.3-31.el8 (AXSA:2023-6022:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6022:03 advisory. samba: GnuTLS gnutlsrnd can fail and give predictable random values CVE-2022-1615 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : samba-4.17.5-2.el8 (AXSA:2023-5985:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5985:08 advisory. samba: GnuTLS gnutlsrnd can fail and give predictable random values CVE-2022-1615 Tenable has extracted the preceding description block directly from the...

7ghost (>=4.11.0 <=4.11.46), @accordproject/concerto-ui-react (>=0.6.0 <=0.83.1-20200224151908) +270 more potentially affected by CVE-2026-1615 via jsonpath (>=1.0.0 <=1.2.1)

jsonpath NPM version =1.0.0, =4.11.0, =0.6.0, =0.82.10-20200221024018, =1.0.0, =1.1.0, =3.0.6371, =4.0.2, =2.0.4, =0.2.0, =4.0.149, =3.0.129, =4.0.174, =0.11.8, =1.2.5, =1.4.0 and more Source cves: CVE-2026-1615 Source advisory: SNYK:JS-JSONPATH-13645034...

TencentOS Server 3: evolution-mapi (TSSA-2023:0143)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0143 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2013-1615

The management console aka Java console on the Symantec Security Information Manager SSIM appliance 4.7.x and 4.8.x before 4.8.1 allows remote attackers to obtain sensitive information via unspecified web-GUI API calls...

Alibaba Cloud Linux 3 : 0089: samba (ALINUX3-SA-2023:0089)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0089 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1615: In Samba, GnuTLS gnutlsrnd can fail...

Alibaba Cloud Linux 3 : 0037: evolution-mapi (ALINUX3-SA-2024:0037)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1615: In Samba, GnuTLS gnutlsrnd...

Linux Distros Unpatched Vulnerability : CVE-2022-1615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Samba, GnuTLS gnutlsrnd can fail and give predictable random values. CVE-2022-1615 Note that Nessus relies on the presence of the package as reported by the...

CVE-2025-1615

creationtimestamp| type| source ---|---|--- 2025-02-24 04:21:46+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5125 2025-02-24 06:15:10+00:00| seen| https://t.me/cvedetector/18776 2025-02-24 06:32:29+00:00| seen|...

CVE-2025-1615

A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. Th...

CVE-2025-1615 FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting

A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. Th...

CVE-2025-1615

CVE-2025-1615 affects FiberHome AN5506-01A ONU GPON RP2511. The vulnerability is an instance of cross-site scripting (XSS) in the NAT Submenu’s Description parameter, allowing remote exploitation. The issue is tied to manipulation of the Description argument, with the attack being remotely execut...