CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

GHSA-8QJV-JJ2Q-X832 Auth.js SDK has Improper Permission Checking

Description Under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. Am I Affected? Users are affected if they meet each of the following preconditions: - Applications built...

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

Linux Distros Unpatched Vulnerability : CVE-2021-35513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid before 8.11.0 allows XSS when the antiscript feature is used. CVE-2021-35513 Note that Nessus relies on the presence of the package as reported by the...

Austrian Archaeological Institute OpenAtlas 安全漏洞

Austrian Archaeological Institute OpenAtlas is a software platform for humanities research from Austrian Archaeological Institute, Austria. A security vulnerability exists in Austrian Archaeological Institute OpenAtlas version v8.11.0, which stems from the presence of cross-site scripting in the...

Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)

Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...

Security Bulletin: IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025

Summary IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION...

MAL-2024-1739 Malicious code in ajv-8.11.0 (npm)

--- -= Per source details. Do not edit below this line.=-...

Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)

Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)

Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-22036 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow a remo...

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack (CVE-2024-27266)

Summary IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity XXE attack. Vulnerability Details CVEID:CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A...

UBUNTU-CVE-2024-23449

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

Elasticsearch 8.11.1 Security Update (ESA-2024-05)

Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...

Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Pillow-9.3.0-cp37-cp37m-manylinux228x8664.whl which is vulnerable to CVE-2023-44271 Vulnerability Details CVEID:CVE-2023-44271 DESCRIPTION: Pillow is vulnerable to a denial of service, caused by a flaw with uncontrollably allocates...

Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)

Summary There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...

Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)

Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...

Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)

Summary There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-47718 DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...

Security Bulletin: IBM Maximo Manage is vulnerable to attack due to Eclipse Jetty ( IBM X-Force ID 261776)

Summary IBM Maximo Manage is vulnerable to attack due to Eclipse Jetty IBM X-Force ID 261776 Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. ...

FasterXML Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

SUSE CVE-2022-29244

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...