17 matches found

IBM Security Bulletins
added 2026/05/11 6:23 p.m., 4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: react-router-7.11.0.tgz (CVE-2026-21884, CVE-2026-22029, CVE-2026-22030)

Summary There are vulnerabilities in react-router-7.11.0.tgz used in MongoDB Enterprised Advanced for IBM, involving an XSS vulnerability. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-21884 DESCRIPTION: React Router is a router for React. In @remix-run/react version...

CVSS 8.2, AI score 6.8, EPSS 0.00028
Exploits: 0, Affected software: 1
ATTACKERKB
added 2026/04/14 10:10 p.m., 0 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

CVSS 3.5, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 3, Affected software: 1
RedhatCVE
added 2026/01/09 9:56 a.m., 4 views

CVE-2020-12082

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 7.11.0-64...

CVSS 5.4, AI score 6.3, EPSS 0.00206
Exploits: 0, References: 1
Snyk
added 2025/07/30 8:43 p.m., 2 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to using the skipauthroutes configuration option with regex patterns. An attacker can gain unauthorized access to protected resources by crafting URLs with query parameters that match overly broad or improperly...

CVSS 9.3, AI score 7, EPSS 0.00411
Exploits: 1, References: 2
NVD
added 2025/07/30 8:15 p.m., 4 views

CVE-2025-54576

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

CVSS 9.1, EPSS 0.00411
Exploits: 1, References: 6
Cvelist
added 2025/07/30 7:41 p.m., 7 views

CVE-2025-54576 OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skipauthroutes configuration option...

CVSS 9.1, EPSS 0.00411
Exploits: 1, References: 6
CVE
added 2025/07/30 7:41 p.m., 89 views

CVE-2025-54576

Observations on CVE-2025-54576 : OAuth2-Proxy versions up to 7.10.0 expose an authentication bypass when using skip_auth_routes with regex patterns, because skip_auth_routes can match the full request URI (path + query parameters) instead of only the path. This allows an attacker to craft URLs wi...

CVSS 9.1, AI score 6.5, EPSS 0.00411
Exploits: 1, References: 6, Affected software: 1
Tenable Nessus
added 2023/03/14 12:00 a.m., 16 views

Atlassian Jira 7.0.0 < 7.6.7 Broken Jql Filter For Webhooks

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.x prior to 7.6.7 or 7.7.0 prior to 7.11.0. It is, therefore, affected by a vulnerability which permits remote attackers who are able to observe or otherwise intercept webho...

CVSS 5.9, AI score 7.1, EPSS 0.00258
Exploits: 1, References: 2
OSV
added 2023/02/03 9:15 p.m., 1 view

AZL-74517 CVE-2022-45493 affecting package suitesparse 7.11.0-1

Buffer overflow vulnerability in function jsonparsekey in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges...

CVSS 7.8, AI score 7.4, EPSS 0.0006
Exploits: 0, References: 1
Tenable Nessus
added 2023/01/11 12:00 a.m., 15 views

Kibana 7.11.0 < 7.12.1 Denial Of Service

According to its self-reported version number, the Kibana application running on the remote host is 7.11.0 prior to 7.12.1. It is, therefore, affected by an XML External Entity vulnerability in the App Search web crawler beta feature (CVE-2021-22140). Note that the scanner has not tested for these issues but...

CVSS 7.5, AI score 7.7, EPSS 0.00376
Exploits: 0, References: 3
RedHat Linux
added 2022/07/07 2:19 p.m., 157 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

CVSS 10, AI score 7.1, EPSS 0.93464
Exploits: 48, References: 61
CNNVD
added 2021/10/01 12:00 a.m., 1 view

GitLab Access Control Error Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug list, and more. An access control error vulnerability exists in GitLab tha...

CVSS 4, AI score 5.1, EPSS 0.00124
Exploits: 0, References: 4
RedHat Linux
added 2021/06/17 1:14 p.m., 118 views

Moderate: Red Hat Security Advisory: Red Hat Process Automation Manager 7.11.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 9.9, AI score 7.2, EPSS 0.9368
Exploits: 17, References: 16
OSV
added 2021/06/02 1:15 p.m., 2 views

AZL-74241 CVE-2021-3520 affecting package suitesparse 7.11.0-1

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability...

CVSS 9.8, AI score 6.7, EPSS 0.00138
Exploits: 0, References: 1
CNNVD
added 2021/05/07 12:00 a.m., 2 views

Atlassian Confluence Server Cross-Site Scripting Vulnerability

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building an enterprise wiki. A cross-site scripting vulnerability exists in Confluence Server versions prior to 7.11.0 that...

CVSS 5.4, AI score 5.4, EPSS 0.00273
Exploits: 0, References: 2
OpenVAS
added 2021/03/11 12:00 a.m., 15 views

Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-05)

Elasticsearch is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 4.3, AI score 5.4, EPSS 0.00165
Exploits: 0, References: 1
OSV
added 2018/10/10 8:29 p.m., 0 views

CVE-2018-12410

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the...

CVSS 9.8, AI score 5.9, EPSS 0.02121
Exploits: 0, References: 2