Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions

Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...

CVE-2026-4218 myAEDES App aedes.me.beta EngageBayUtils.java information disclosure

A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Performing a manipulation of the argument AUTHKEY results in information disclosure. The attack is only possible...

MiracleLinux 4 : java-1.6.0-openjdk-1.6.0.0-6.1.13.4.AXS4 (AXSA:2014-460:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-460:03 advisory. Description : The OpenJDK runtime environment. Security issues fixed with this release: CVE-2014-2490 Unspecified vulnerability in the Java SE...

CVE-2021-4218 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-vmware, linux-qemu...

CVE-2023-4218

In Eclipse IDE versions 2023-09 4.29 some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file for example for review a foreign repository or patch...

EUVD-2016-4218

Malware in sbrugna...

EUVD-2010-4218

Malware in sbrugna...

EUVD-2022-4218

Malicious code in bioql PyPI...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218

Summary IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...

Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow packages a vulnerable version of eclipe jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

CVE-2025-4218

creationtimestamp| type| source ---|---|--- 2025-05-02 21:24:09+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lo7r4m7jbne2 2025-05-03 00:01:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo7zvp3erb2h 2025-05-03...

CVE-2025-4218

A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gptseleniumagent.py. The manipulation of the argument instructions leads to code injection...

CVE-2025-4218 handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection

A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gptseleniumagent.py. The manipulation of the argument instructions leads to code injection...

CVE-2022-4218

creationtimestamp| type| source ---|---|--- 2025-01-23 21:03:36+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2828...

CVE-2024-4218 AffiEasy <= 1.1.6 - Cross-Site Request Forgery to Various Actions

The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to plugin improperly releasing the tagged and patched version of the plugin - the vulnerable version is used as the core files, while the patched version was...

WordPress AffiEasy Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software AffiEasy Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4218 Patch priority Low CVSS severity Low 6.5 Developer AffiEasy PSID 6a6d4298e483 Credits Benedictus Jovan aillesiM Required...

Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress

Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...

SUSE: Security Advisory (SUSE-SU-2024:1304-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1304-1 Security update for eclipse, maven-surefire, tycho

This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix: - CVE-2023-4218: Fixed a bug where parsing files with xml content laeds to XXE attacks. bsc1216992 maven-sunfire was updated from version 2.22.0 to 2.22.2: - Changes in version...