78 matches found

IBM Security Bulletins
added 2 days ago, 6 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Jetty

Summary There are vulnerabilities in Jetty used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2025-11143, CVE-2026-2332. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has...

CVSS 9.1 | AI score 7 | EPSS 0.00145
Exploits: 1 | Affected Software: 1

OSV
added 6 days ago, 13 views

RLSA-2026:20568 Important: jmc security update

JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications...

CVSS 7.5 | AI score 5.8 | EPSS 0.00066
Exploits: 1 | References: 3

Tenable Nessus
added 6 days ago, 6 views

RockyLinux 9 : jmc (RLSA-2026:20568)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:20568 advisory. lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing CVE-2025-66566 org.eclipse.jetty/jetty-http: HTTP request smuggling v...

CVSS 9.1 | AI score 7 | EPSS 0.00066
Exploits: 1 | References: 5

Tenable Nessus
added 2026/05/27 12:00 a.m., 8 views

RHEL 9 : jmc (RHSA-2026:20568)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20568 advisory. JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis o...

CVSS 9.1 | AI score 5.9 | EPSS 0.00066
Exploits: 1 | References: 6

OSV
added 2026/05/11 2:00 p.m., 0 views

MINI-2332-RHJ3-6CR8

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00008
Exploits: 0

Wolfi
added 2026/04/22 8:00 p.m., 6 views

CVE-2026-2332 vulnerabilities

Vulnerabilities for packages: akhq, kafka, jenkins, solr, apache-pulsar, neo4j, apache-nifi...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 1

Circl
added 2026/04/14 5:34 a.m., 0 views

CVE-2026-2332

creationtimestamp | type | source
---|---|---
2026-04-14 05:34:46+00:00 | published-proof-of-concept | https://github.com/jetty/jetty.project/security/advisories/GHSA-355h-qmc2-wpwf
2026-04-14 05:34:46+00:00 | published-proof-of-concept | ...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 4

OSV
added 2026/03/24 3:28 p.m., 0 views

MAL-2026-2332 Malicious code in @hsbc-mfe/host (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a848d447b30dd51c4c541fa6a6e6d377bfe77ee4b04b4904996f725b8519789 The package @hsbc-mfe/host was found to contain malicious code...

AI score 5.8
Exploits: 0

OSV
added 2026/03/04 5:32 a.m., 1 view

MINI-RG55-CQ36-2332

Bulletin has no description...

CVSS 5.3 | AI score 7 | EPSS 0.00017
Exploits: 0

EUVD
added 2026/01/13 3:35 p.m., 1 view

EUVD-2026-2332

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...

CVSS 9 | AI score 6.7 | EPSS 0.45198
Exploits: 2 | References: 6

RedhatCVE
added 2026/01/09 10:14 a.m., 3 views

CVE-2019-2332

Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607,...

CVSS 10 | AI score 7.7 | EPSS 0.0033
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-2332

Malware in sbrugna...

CVSS 5.5 | AI score 5.5 | EPSS 0.00392
Exploits: 0 | References: 2

RedhatCVE
added 2025/03/29 6:31 a.m., 18 views

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVSS 9.8 | AI score 7.9 | EPSS 0.00539
Exploits: 0 | References: 1

Circl
added 2025/03/27 6:40 a.m., 8 views

CVE-2025-2332

creationtimestamp | type | source
---|---|---
2025-03-27 06:40:12+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lldowwbk252g
2025-03-27 07:30:19+00:00 | published-proof-of-concept | Telegram/nXpxTUnuiIyQonR7LnQBkLEoYc0D4Dc9ELBHZOgfYe7uvjo
2025-03-27 08:17:33+00:00 | seen | ...

CVSS 9.8 | AI score 8.7 | EPSS 0.00539
Exploits: 0 | References: 2

Cvelist
added 2025/03/27 5:22 a.m., 16 views

CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVSS 9.8 | EPSS 0.00539
Exploits: 0 | References: 3

Vulnrichment
added 2025/03/27 5:22 a.m., 12 views

CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVSS 9.8 | AI score 9.7 | EPSS 0.00539
Exploits: 0 | References: 3

Circl
added 2024/11/15 1:15 p.m., 0 views

CVE-2023-2332

creationtimestamp | type | source
---|---|---
2024-11-15 13:15:37+00:00 | seen | https://t.me/cvedetector/11063...

CVSS 4.8 | AI score 5.7 | EPSS 0.00003
Exploits: 1 | References: 1

CVE
added 2024/11/15 10:57 a.m., 97 views

CVE-2023-2332

CVE-2023-2332 is a stored XSS in pimcore/pimcore 10.5.19, located in the Conditions tab of Pricing Rules (Date Range From/To fields). The underlying issue allows injection of arbitrary JavaScript, potentially compromising user cookies or redirecting users. The vulnerability is mitigated by upgrad...

CVSS 4.8 | AI score 4.1 | EPSS 0.00003
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/03/09 2:00 p.m., 55 views

CVE-2024-2332

CVE-2024-2332 concerns SourceCodester Online Mobile Management Store 1.0. The vulnerability affects the HTTP GET Request Handler used by the /admin/maintenance/manage_category.php file, where manipulation of the argument id leads to SQL injection. Multiple connected records corroborate remote exp...

CVSS 7.2 | AI score 6.9 | EPSS 0.00107
Exploits: 1 | References: 3 | Affected Software: 1

Circl
added 2023/12/11 3:34 p.m., 2 views

CVE-2016-2332

creationtimestamp | type | source
---|---|---
2023-12-11 15:34:50+00:00 | seen | https://t.me/arpsyndicate/1768...

CVSS 9 | AI score 8.2 | EPSS 0.00096
Exploits: 0 | References: 1