134 matches found
Fedora 43 : docker-compose (2026-951a6725b8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...
PT-2026-40899
Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...
PT-2026-40898
Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress contains an authorization bypass issue because it fails to properly verify if a user is authorized to perform specific actions. This allows...
CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls
Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...
CVE-2023-25696
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...
WordPress WordPress Simple PayPal Shopping Cart plugin <= 5.1.3 - Insecure Direct Object Reference via 'quantity' vulnerability
Insecure Direct Object Reference via 'quantity' vulnerability discovered by Jack Taylor in WordPress Plugin Simple Shopping Cart versions <= 5.1.3...
CVE-2025-13403
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employeespotlightcheckoptin function in all versions up to, and including, 5.1.3. This makes it possible f...
PT-2025-51044
The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee spotlight check optin function in all versions up to, and including, 5.1.3. This makes it possibl...
WordPress Employee Spotlight plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Employee Spotlight versions <= 5.1.2...
EUVD-2019-15798
Malware in sbrugna...
EUVD-2019-0159
Malware in sbrugna...
EUVD-2023-36375
Malicious code in bioql PyPI...
EUVD-2023-0680
Malicious code in bioql PyPI...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to allocation of resource abuse due to the commons-fileupload package (CVE-2025-48976)
Summary Commons-fileupload is used by DataStage on Cloud Pak for Data as part of the file handling functionality. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload...
Security Bulletin: Vulnerabilities in pgjdbc affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in pgjdbc has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is...
Security Bulletin: Vulnerabilities in Apache affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Apache has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper...
Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in oniguruma 6.9.6-1.el9.6
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of oniguruma 6.9.6-1.el9.6 Vulnerability Details CVEID:CVE-2019-16163 DESCRIPTION: Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. CWE:CWE-674: Uncontrolled Recursion CVSS Sourc...
Security Bulletin: There is a vulnerability in the torch library affecting IBM watsonx Code Assistant On Prem
Summary There is a vulnerability in the torch library affecting IBM watsonx Code Assistant On Prem. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor computation with...
CVE-2023-32107
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions...