60 matches found
F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
LORIS Neuroimaging Platform security vulnerability
LORIS Neuroimaging Platform is an open-source neuroimaging platform developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...
CVE-2025-66033 Improper Memory Cleanup in the Okta Java SDK
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and...
Improper Memory Cleanup in the Okta Java SDK
Description In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service...
Okta Java Management SDK security vulnerability
Okta Java Management SDK is an open source Java development toolkit from Okta, Inc. A security vulnerability exists in Okta Java Management SDK versions 21.0.0 through 24.0.0, which stems from improper thread cleanup and could result in a denial of service...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2025-53057 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2025-53057 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
Security Bulletin: A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-40974).
Summary A vulnerability in RedHat affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerabilit...
Security Bulletin: A vulnerability in the IBM Robotic Process Automation windows installer could result in privilege escalation (CVE-2024-51448).
Summary IBM Robotic Process Automation could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server...
UBUNTU-CVE-2024-55227
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
PT-2025-3106 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 21.0.0-beta Description: A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This issue...
PT-2025-3105 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 21.0.0-beta Description: A cross-site scripting (XSS) issue in the Events/Agenda module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This enables attackers t...
IBM Robotic Process Automation cross-site scripting vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM), Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A cross-site scripting vulnerability exists in IBM Robotic Process Automatio...
IBM Robotic Process Automation security vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM), Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A security vulnerability exists in IBM Robotic Process Automation versions...
PT-2024-10276 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.17 IBM Robotic Process Automation versions 23.0.0 through 23.0.18 Description: The issue is related to errors in inherited permissions. It could allow a local user to escalate thei...
Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)
Summary A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Npgsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)
Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of its development platform. This bulletin identifies the security fixes to apply to address...
AZL-35886 CVE-2024-22017 affecting package libuv for versions less than 1.48.0-1
setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...
CVE-2023-38718
IBM Robotic Process Automation (Cloud Pak) is affected by CVE-2023-38718, with information disclosure risk stemming from access to RPA scripts, workflows and related data. Affected products/versions include Cloud Pak 21.0.0–21.0.7.8 (also affecting 23.0.8). The cited vulnerability details indicat...
PT-2023-5433 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.7.8 Description: The issue is related to a lack of protection for service data in IBM Robotic Process Automation, which could allow a remote attacker to disclose sensitive informatio...