80 matches found
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +14 more potentially affected by CVE-2026-27148 via storybook (>=8.7.0-alpha.0 <=9.1.18)
storybook NPM version =8.7.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =2.0.0-beta.3, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =8.7.0-alpha.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =0.2.7, =0.2.8 and more Source cves: CVE-2026-27148 Source advisory: OSV:GHSA-MJF5-7G4M-GX5W...
virt:ol and virt-devel:ol security and bug fix update
libvirt 8.0.0-10.1.0.1 - Set SOURCE_DATE_EPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-10.1.el8 - qemu_process: Don't require a hugetlbfs mount for memfd rhbz#2132176 - qemu_namespace: Tolerate missing ACLs when creating a path in namespace...
PT-2026-2483
Name of the Vulnerable Software and Affected Versions Pega Customer Service Framework versions 8.7.0 through 25.1.0 Description A flaw exists in Pega Customer Service Framework that allows a privileged user to upload a malicious file due to an unrestricted file upload. Recommendations Update Pega...
PT-2025-51451
Name of the Vulnerable Software and Affected Versions PenciDesign Soledad versions through 8.7.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
EUVD-2025-199536
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
PT-2025-47983
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
EUVD-2016-4432
Malware in sbrugna...
EUVD-2016-4431
Malware in sbrugna...
EUVD-2016-4439
Malware in sbrugna...
EasyVirt DC NetScope security vulnerability
EasyVirt DC NetScope is an application from EasyVirt, Inc. that provides network insight into the different network layers in the VMware infrastructure. A security vulnerability exists in EasyVirt DC NetScope version 8.7.0 and earlier, which stems from improper handling of the lang, keyboardlayout,...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to inconsistencies in the deserialization process of acknowledgments, leading to non-deterministic behavior that can halt a blockchain network. Note: This is only exploitable if the attacker has the...
Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)
Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...
Security Bulletin: IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025
Summary IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
WordPress Slider Hero Plugin <= 8.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Slider Hero; Type: Plugin; Vulnerable versions: <= 8.6.1; Fixed in: 8.7.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29922; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: b14fdd6b236b; Credits: Jean Tirstan T; Required privilege...
Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)
Summary There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...
Security Bulletin: There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-44730 and CVE-2022-44729)
Summary There is a vulnerability in batik-all-1.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-44730 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a...
Security Bulletin: There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-47718)
Summary There is a vulnerability in CSRF Token used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-47718 DESCRIPTION: IBM Maximo Application Suite is vulnerable to cross-site request forgery which could allow an attacker to execute malicious...
Security Bulletin: IBM Maximo Manage is vulnerable to attack due to Eclipse Jetty (IBM X-Force ID 261776)
Summary IBM Maximo Manage is vulnerable to attack due to Eclipse Jetty IBM X-Force ID 261776 Vulnerability Details IBM X-Force ID: 261776 DESCRIPTION: Eclipse Jetty is vulnerable to server-side request forgery, caused by improper handling of XML external entity XXE declarations by the XmlParser. ...
FasterXML Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...