
72 matches found

IBM Security Bulletins
added 2026/03/24 1:36 p.m. | 3 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by leaking a live reference to Array.Prototype

Summary: flatted is used internally within IBM DevOps Solution Workbench. Vulnerability Details: CVEID: CVE-2026-33228. DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...

CVSS: 9.8 | AI score: 6 | EPSS: 0.0007
Exploits: 1 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-27779

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00206
Exploits: 0 | References: 2
NVD
added 2025/08/29 6:15 p.m. | 1 views

CVE-2025-30263

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...

CVSS: 6.5 | EPSS: 0.00236
Exploits: 0 | References: 1
Cvelist
added 2025/08/29 5:15 p.m. | 3 views

CVE-2025-30263 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...

CVSS: 5.3 | EPSS: 0.00236
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/29 5:15 p.m. | 2 views

CVE-2025-30263 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00236
Exploits: 0 | References: 1
CVE
added 2025/08/29 5:15 p.m. | 10 views

CVE-2025-30263

CVE-2025-30263 describes a NULL pointer dereference in QNAP Qsync Central. The flaw can be triggered when a remote attacker, after obtaining a user account, exploits the condition to cause a denial-of-service. Affected component is the Qsync Central service; the underlying impact stated is avail...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00236
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/08/29 5:15 p.m. | 3 views

CVE-2025-30262 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00206
Exploits: 0 | References: 1
Cvelist
added 2025/08/29 5:15 p.m. | 3 views

CVE-2025-30262 Qsync Central

A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0...

CVSS: 5.3 | EPSS: 0.00206
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/29 5:15 p.m. | 1 views

CVE-2025-30261 Qsync Central

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00208
Exploits: 0 | References: 1
CVE
added 2024/05/09 6:32 a.m. | 22 views

CVE-2024-3016

CVE-2024-3016 affects NEC Platforms DT900/DT900S Series. Affects firmware ranges 5.0.0.0–5.3.4.4 and 5.4.0.0–5.6.0.20. The issue lets an unauthenticated attacker access non-documented system settings via the local network and change settings. Public documents corroborate: Red Hat and JVNDB entrie...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00397
Exploits: 0 | References: 1
Cvelist
added 2024/05/09 6:32 a.m. | 13 views

CVE-2024-3016

NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access non-documented system settings and change settings via the local network as an unauthenticated user...

AI score: 6.7 | EPSS: 0.00397
Exploits: 0 | References: 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 16 views

Security Bulletin: IBM Elastic Storage System 3000 is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary: A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4350. DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithm...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00112
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 11 views

Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System GUI where authorised user can execute unauthorized function (CVE-2020-4378)

Summary: A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4378. DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to...

CVSS: 4.9 | AI score: 0.8 | EPSS: 0.00136
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 16 views

Security Bulletin: IBM Elastic Storage System 3000 GUI is affected by verbose error message (CVE-2020-4357)

Summary: A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details: CVEID: CVE-2020-4357. DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitiv...

CVSS: 4.3 | AI score: 1.1 | EPSS: 0.00104
Exploits: 0 | Affected Software: 1
NVD
added 2022/05/10 4:15 p.m. | 9 views

CVE-2021-39024

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS: 6.1 | EPSS: 0.00065
Exploits: 0 | References: 2
OSV
added 2022/03/10 8:15 p.m. | 0 views

CVE-2021-39022

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00101
Exploits: 0 | References: 2
CNVD
added 2021/08/27 12:0 a.m. | 22 views

IBM API Connect Code Injection Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. A code injection vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability stems from unvalidated user input. An attacker could exploit the vulnerability to inject code...

CVSS: 9.8 | AI score: 4.9 | EPSS: 0.0025
Exploits: 0 | References: 1
CNNVD
added 2021/08/25 12:0 a.m. | 1 views

IBM API Connect Security Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure and denial of service vulnerability exists in IBM API Connect versions 5.0.0.0 - 5.0.8.11. The vulnerability originates from an open port. A remote user can exploit the vulnerability to obtain sensitiv...

CVSS: 9.1 | AI score: 5.7 | EPSS: 0.00506
Exploits: 0 | References: 4
IBM Security Bulletins
added 2021/08/03 10:23 p.m. | 21 views

Security Bulletin: IBM API Connect is impacted by reflected cross site scripting (CVE-2020-4707)

Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2020-4707. DESCRIPTION: IBM API Connect is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionali...

CVSS: 5.4 | AI score: 1.4 | EPSS: 0.00158
Exploits: 0 | Affected Software: 1
CNNVD
added 2021/05/11 12:0 a.m. | 1 views

Hexagon Intergraph G!NIUS SQL Injection Vulnerability

Hexagon Intergraph G!NIUS is an industrial control device from the Swedish company Hexagon. A sensor. A SQL injection vulnerability exists in Hexagon Intergraph G!NIUS prior to version 5.0.0.0. The vulnerability stems from a lack of validation of externally entered SQL statements in database-base...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01107
Exploits: 3 | References: 5