Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...
Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....
CVE-2025-63743
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
PT-2026-32381
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is execut...
Snipe-IT security vulnerability
Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT from v8.3.0 to v8.3.1 contain security vulnerabilities. These vulnerabilities stem from insufficient input validation for the Name and Surname fields, which may lead to cross-site...
CVE-2025-63743
Snipe-IT web-based asset management system (v8.3.0–v8.3.1) is affected by an authenticated stored XSS: an attacker with login privileges can inject JavaScript via the Name/Surname fields, executed when the Activity Report or a profile is viewed if Display Name is not set. The issue is fixed in v8...
Apache Solr <=8.3.1 - Remote Code Execution
Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset velocity/ directory or as a parameter. A user defined configset could contain renderable,...
Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the body-parser 2.2.0 package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5 and earlier. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies...
CVE-2026-25761
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
CVE-2026-25761 Command injection via crafted filenames in Super-linter Action
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull...
PT-2026-7152
Name of the Vulnerable Software and Affected Versions Super-linter versions 6.0.0 through 8.3.0 Description Super-linter is susceptible to command injection through specially crafted filenames. When used in GitHub Actions workflows, an attacker submitting a pull request with a file containing she...
CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
PT-2026-5293
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...
SonarQube code issues and vulnerabilities
SonarQube is an open-source code inspection tool developed by Sonar. Version SonarQube 8.3.1 has a code-related vulnerability. This vulnerability stems from the lack of quotation marks around service paths, which may allow local attackers to gain SYSTEM privileges...
Parse Server code issue vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1, which stems from improper handling of the uri...
WordPress plugin WP Full Pay SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...