Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerabilit...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2026-8633, CVE-2026-8620]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Details...

CVE-2026-8620

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

CVE-2026-8620

creationtimestamp| type| source ---|---|--- 2026-05-26 15:40:06+00:00| seen| https://bsky.app/profile/knaepp.bsky.social/post/3mmrdbmewjs2b 2026-05-26 19:03:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmrondqgyt2w 2026-05-26 21:05:06+00:00| seen|...

MAL-2025-8620 Malicious code in @malware-test-elder-lager-berms-crepy/test-mlw3-elder-lager-berms-crepy (npm)

The package @malware-test-elder-lager-berms-crepy/test-mlw3-elder-lager-berms-crepy was found to contain malicious code...

CVE-2025-8620 GiveWP – Donation Plugin and Fundraising Platform <= 4.6.0 - Unauthenticated Donor Data Exposure

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id. CVE-2025-47444 is a duplicate of this...

CVE-2019-8620

A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address...

WordPress MapPress Maps for WordPress plugin < 2.93 - Admin+ Stored XSS via Map Settings vulnerability

Admin+ Stored XSS via Map Settings vulnerability discovered by Kientt in WordPress Plugin MapPress Maps for WordPress versions 2.93...

CVE-2024-8620

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8620

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-8620

CVE-2024-8620 affects the WordPress plugin MapPress Maps for WordPress, specifically versions prior to 2.93. The issue is that certain settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed ...

CVE-2024-8620 MapPress Maps for WordPress < 2.93 - Admin+ Stored XSS via Map Settings

The MapPress Maps for WordPress plugin before 2.93 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Linux Distros Unpatched Vulnerability : CVE-2016-8620

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of- bounds read via user controlled input. CVE-2016-8620...

RHEL 7 : rh-dotnet21-curl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - curl: Glob parser write/read out of bounds CVE-2016-8620 - Use-after-free vulnerability in libcurl before...

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

K31411450: cURL and libcurl vulnerability CVE-2016-8620

Security Advisory Description The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. CVE-2016-8620 Impact An attacker can cause a denial-of-service DoS by exploiting a flaw in the cURL tool's glob parser to...

Slackware: Security Advisory (SSA:2016-308-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...