52 matches found

IBM Security Bulletins
added 2026/05/27 6:09 p.m. | 13 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Details...

CVSS 9.8 | AI score 6.5 | EPSS 0.0026
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2026/05/26 5:15 p.m. | 9 views

CVE-2026-8620

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

CVSS 7.5 | AI score 5.8 | EPSS 0.00068
Exploits: 0 | References: 2 | Affected Software: 1

Circl
added 2026/05/26 3:40 p.m. | 3 views

CVE-2026-8620

creationtimestamp | type | source
---|---|---
2026-05-26 15:40:06+00:00 | seen | https://bsky.app/profile/knaepp.bsky.social/post/3mmrdbmewjs2b
2026-05-26 19:03:51+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmrondqgyt2w
2026-05-26 21:05:06+00:00 | seen | ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | References: 3

OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-8620 Malicious code in @malware-test-elder-lager-berms-crepy/test-mlw3-elder-lager-berms-crepy (npm)

The package @malware-test-elder-lager-berms-crepy/test-mlw3-elder-lager-berms-crepy was found to contain malicious code...

AI score 7.2
Exploits: 0

Vulnrichment
added 2025/08/06 9:22 a.m. | 3 views

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

CVSS 5.3 | AI score 5.7 | EPSS 0.00249
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 8:46 a.m. | 5 views

CVE-2019-8620

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address...

CVSS 7.5 | AI score 6 | EPSS 0.00386
Exploits: 0 | References: 1

Patchstack
added 2025/05/19 3:09 a.m. | 7 views

WordPress MapPress Maps for WordPress plugin < 2.93 - Admin+ Stored XSS via Map Settings vulnerability

Admin+ Stored XSS via Map Settings vulnerability discovered by Kientt in WordPress Plugin MapPress Maps for WordPress versions 2.93...

CVSS 4.8 | AI score 5.9 | EPSS 0.00166
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/05/17 9:00 p.m. | 4 views

CVE-2024-8620

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.8 | EPSS 0.00166
Exploits: 1 | References: 1

NVD
added 2025/05/15 8:15 p.m. | 4 views

CVE-2024-8620

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | EPSS 0.00166
Exploits: 1 | References: 1

CVE
added 2025/05/15 8:07 p.m. | 23 views

CVE-2024-8620

CVE-2024-8620 affects the WordPress plugin MapPress Maps for WordPress, specifically versions prior to 2.93. The issue is that certain settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

CVSS 4.8 | AI score 5.8 | EPSS 0.00166
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/05/15 8:07 p.m. | 5 views

CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 4.8 | EPSS 0.00166
Exploits: 1 | References: 1

Cvelist
added 2025/05/15 8:07 p.m. | 11 views

CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00166
Exploits: 1 | References: 1

Tenable Nessus
added 2025/03/04 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-8620

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVE-2016-8620...

CVSS 9.8 | AI score 7 | EPSS 0.00881
Exploits: 0 | References: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 23 views

RHEL 7 : rh-dotnet21-curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: Glob parser write/read out of bounds CVE-2016-8620 - Use-after-free vulnerability in libcurl before...

CVSS 8.1 | AI score 8.1 | EPSS 0.01092
Exploits: 0 | References: 2

Tenable Nessus
added 2024/04/27 12:00 a.m. | 32 views

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

CVSS 10 | AI score 7 | EPSS 0.93618
Exploits: 0 | References: 89

F5 Networks
added 2023/02/21 6:33 p.m. | 33 views

K31411450: cURL and libcurl vulnerability CVE-2016-8620

Security Advisory Description: The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVE-2016-8620 Impact: An attacker can cause a denial-of-service (DoS) by exploiting a flaw in the cURL tool's glob parser to...

CVSS 9.8 | AI score 8.1 | EPSS 0.00881
Exploits: 0 | Affected Software: 21

OpenVAS
added 2022/04/21 12:00 a.m. | 30 views

Slackware: Security Advisory (SSA:2016-308-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.7 | EPSS 0.04507
Exploits: 0 | References: 13

OpenVAS
added 2022/01/28 12:00 a.m. | 71 views

Mageia: Security Advisory (MGASA-2018-0053)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.8 | EPSS 0.04507
Exploits: 0 | References: 21

OpenVAS
added 2021/04/19 12:00 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2020:2914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.6 | AI score 7.1 | EPSS 0.92629
Exploits: 6 | References: 23

Check Point Advisories
added 2020/12/27 12:00 a.m. | 3 views

ISC BIND DNS Server Denial of Service (CVE-2020-8620)

A denial-of-service vulnerability exists in ISC BIND DNS Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS 5 | AI score 4.6 | EPSS 0.08369
Exploits: 0