155 matches found
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007
Summary: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl, which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-26007 DESCRIPTION...
CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL injection inside the appMetadata operation of the GraphQL API. This allows extraction of arbitrary data from the...
EUVD-2019-10392
Malware in sbrugna...
EUVD-2021-26226
Malware in sbrugna...
EUVD-2020-29025
Malware in sbrugna...
EUVD-2005-3465
Malware in sbrugna...
EUVD-2024-25384
Malicious code in bioql PyPI...
EUVD-2022-0950
Malicious code in bioql PyPI...
EUVD-2025-12747
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13669
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10....
CVE-2020-27747
An issue was discovered in Click Studios Passwordstate 8.9 Build 8973. If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As resul...
CVE-2025-46558 org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for...
CVE-2025-46558
The CVE-2025-46558 issue affects XWiki Contrib's Syntax Markdown (org.xwiki.contrib.markdown:syntax-markdown-commonmark12). A cross-site scripting (XSS) vulnerability exists in Markdown syntax versions 8.2 through before 8.9 via HTML, allowing any user to embed JavaScript that executes in other u...
EulerOS Virtualization 2.12.0 : openssh (EulerOS-SA-2024-2333)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...
Red Hat Enterprise Linux SEoL (8.8.x, 8.9.x)
According to its version, Red Hat Enterprise Linux is 8.8.x or 8.9.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
SUSE CVE-2024-28285
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges...
CVE-2024-28285
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges...