
33 matches found

IBM Security Bulletins
added 2026/03/02 12:18 p.m. | 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary: Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

CVSS 6.5 | AI score 6.2 | EPSS 0.00069
Exploits: 0 | Affected Software: 1

Wolfi
added 2026/02/13 1:48 a.m. | 1 view

CVE-2026-24472 vulnerabilities

Vulnerabilities for packages: langfuse...

CVSS 5.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0

Chainguard
added 2026/02/05 7:17 p.m. | 4 views

CVE-2026-24472 vulnerabilities

Vulnerabilities for packages: langfuse, librechat, langfuse-fips...

CVSS 5.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0

RedhatCVE
added 2026/01/28 9:17 p.m. | 3 views

CVE-2026-24472

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware does not respect standard cache control...

CVSS 5.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 1

Circl
added 2026/01/27 9:12 p.m. | 1 view

CVE-2026-24472

creationtimestamp | type | source
---|---|---
2026-01-27 21:12:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdgof3mheh23...

CVSS 5.3 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1

vulnersOsv
added 2026/01/27 7:4 p.m. | 6 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +156 more potentially affected by CVE-2026-24472 via hono (>=4.0.0 <=4.11.6)

hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.2, =1.0.0, =1.0.1 and more Source cves: CVE-2026-24472 Source advisory: SNYK:JS-HONO-15123484...

CVSS 5.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0

vulnersOsv
added 2026/01/27 7:4 p.m. | 4 views

@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +446 more potentially affected by CVE-2026-24472 via hono (>=0.5.10 <=4.11.6)

hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =0.0.1, =1.7.2, =1.7.1, =1.8.0 and more Source cves: CVE-2026-24472 Source advisory: OSV:GHSA-6WQW-2P9W-4VW4...

CVSS 5.3 | AI score 5.4 | EPSS 0.00016
Exploits: 0

RedhatCVE
added 2025/05/22 7:22 p.m. | 9 views

CVE-2021-24472

The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server...

CVSS 9.8 | AI score 7.2 | EPSS 0.8982
Exploits: 2 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-24472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput...

CVSS 7.5 | AI score 8 | EPSS 0.00063
Exploits: 1 | References: 3

RedhatCVE
added 2025/02/13 5:37 p.m. | 9 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1 | AI score 9.8 | EPSS 0.10434
Exploits: 0 | References: 1

NVD
added 2025/02/11 5:15 p.m. | 17 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1 | EPSS 0.10434
Exploits: 0 | References: 2

CVE
added 2025/02/11 4:50 p.m. | 314 views

CVE-2025-24472

CVE-2025-24472 affects Fortinet FortiOS (7.0.0–7.0.16) and FortiProxy (7.2.0–7.2.12, also 7.0.0–7.0.19 in some sources) with an authentication bypass (CWE-288) that can grant super-admin privileges on downstream devices when Security Fabric is enabled. Exploitation requires crafting CSF proxy req...

CVSS 8.1 | AI score 9.8 | EPSS 0.10434
In wild | Exploits: 0 | References: 2 | Affected Software: 2

Vulnrichment
added 2025/02/11 4:50 p.m. | 17 views

CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to...

CVSS 8.1 | AI score 9.8 | EPSS 0.10434
Exploits: 0 | References: 1

Cvelist
added 2024/11/22 9:2 p.m. | 16 views

CVE-2024-9755 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in tha...

CVSS 7.8 | EPSS 0.00704
Exploits: 0 | References: 1

CVE
added 2024/11/22 9:2 p.m. | 57 views

CVE-2024-9755

Tungsten Automation Power PDF JP2 file parsing flaw leads to an out-of-bounds read that can enable arbitrary code execution. Triggered when a user visits a malicious page or opens a crafted JP2-containing file; the attacker would run code in the target process. Connected sources (e.g., ZDI adviso...

CVSS 7.8 | AI score 8 | EPSS 0.00704
Exploits: 0 | References: 1 | Affected Software: 1

Circl
added 2023/03/30 8:32 p.m. | 1 view

CVE-2023-24472

creationtimestamp | type | source
---|---|---
2023-03-30 20:32:50+00:00 | seen | https://t.me/cibsecurity/61183...

CVSS 7.5 | AI score 8.3 | EPSS 0.00063
Exploits: 1 | References: 1

OSV
added 2023/03/30 4:15 p.m. | 15 views

CVE-2023-24472

A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 3

Talos Blog
added 2023/03/30 4:0 p.m. | 35 views

Vulnerability Spotlight: Specially crafted files could lead to denial of service, information disclosure in OpenImageIO parser

Lilith of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered three vulnerabilities in the OpenImageIO image-parsing library that many popular pieces of 3-D rendering software use. OpenImageIO is a library that converts, compares and processes various image files. Blende...

AI score 7.1 | EPSS 0.00716
Exploits: 5

CVE
added 2023/03/30 3:47 p.m. | 69 views

CVE-2023-24472

OpenImageIO vulnerability CVE-2023-24472 affects OpenImageIO v2.4.7.1, in FitsOutput::close() where a crafted ImageOutput can cause denial of service. Exploitation details are documented by Talos/Cisco (TALOS-2023-1709) and Gentoo GLSA-202506-09, with remediation advising upgrade to newer OpenIma...

CVSS 7.5 | AI score 7.1 | EPSS 0.00063
Exploits: 1 | References: 3 | Affected Software: 1

Talos
added 2023/03/30 12:0 a.m. | 37 views

OpenImageIO Project OpenImageIO FitsOutput::close() denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1709 OpenImageIO Project OpenImageIO FitsOutput::close denial of service vulnerability March 30, 2023 CVE Number CVE-2023-24472 SUMMARY A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1...

CVSS 7.5 | AI score 6.2 | EPSS 0.00063
Exploits: 1