Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-44664 DESCRIPTION: fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using...

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

EUVD-2025-209922

Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to...

EUVD-2025-209921

Dell PowerFlex Manager, versions =4.6.2, contains an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering...

EUVD-2025-209920

Dell PowerFlex Manager, versions =4.6.2, contains an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information...

PT-2026-42757

Dell PowerFlex Manager, versions =4.6.2, contains an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a product of the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contained security vulnerabilities. These vulnerabilities stemmed from the insecure storage of sensitive information, which could allow unauthenticated attackers with local access t...

Dell PowerFlex Manager 安全漏洞

Dell PowerFlex Manager is a software-defined infrastructure deployment and lifecycle management platform developed by the American company Dell. Versions of Dell PowerFlex Manager prior to 4.6.2 contain security vulnerabilities. These vulnerabilities stem from the insecure storage of sensitive...

PT-2026-42759

Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

EUVD-2025-209907

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

CVE-2025-32750

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

CVE-2025-32750

Dell PowerFlex Manager, versions =4.6.2, contains an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5088860)

2026-05 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5088860...

May 12, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB5087062)

May 12, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 KB5087062 Applies to: Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Important The installation of this Extended...

May 12, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 (KB5087063)

May 12, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 KB5087063 Applies to: Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Important The installation of this Extend...

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

April 14, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB5082400)

April 14, 2026-Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 KB5082400 Applies to: Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Important The installation of this Extende...

CVE-2026-30842

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, Wallos allows an authenticated user to delete avatar files uploaded by other users. The avatar deletion endpoint does not verify that the requested avatar belongs to the current user. As a result, any...

CVE-2026-30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, there is a server-side request forgery vulnerability in notification testers. This issue has been patched in version 4.6.2...

CVE-2026-30839

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, testwebhooknotifications.php does not validate the target URL against private/reserved IP ranges, enabling full-read SSRF. The server response is returned to the caller. This issue has been patched in...