11 matches found

Snyk
added 2026/06/09 5:5 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation: Upgrade...

CVSS: 8.7, AI score: 5.3, EPSS: 0.0075
Exploits: 0, References: 2
Snyk
added 2026/06/09 5:4 p.m., 8 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation: Upgrade...

CVSS: 6.9, AI score: 5.3, EPSS: 0.00272
Exploits: 0, References: 2
Snyk
added 2026/06/09 5:4 p.m., 4 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation: Upgrade...

CVSS: 6.9, AI score: 5.3, EPSS: 0.00272
Exploits: 0, References: 2
Snyk
added 2026/06/09 5:4 p.m., 5 views

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation: Upgrade...

CVSS: 6.9, AI score: 5.3, EPSS: 0.00272
Exploits: 0, References: 2
IBM Security Bulletins
added 2026/03/20 11:43 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745

Summary: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The...

CVSS: 8.2, AI score: 6.7, EPSS: 0.00308
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2026/03/13 2:35 p.m., 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547.

Summary: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-25547 DESCRIPTION:...

CVSS: 9.2, AI score: 5.7, EPSS: 0.00481
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2026/03/03 4:33 p.m., 6 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860.

Summary: IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information about the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-21860 DESCRIPTION: Werkzeug is a...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00424
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/10/28 8:33 a.m., 2 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538

Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-21538 DESCRIPTION: Versions of the...

CVSS: 8.7, AI score: 6.5, EPSS: 0.00873
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/02/15 12:0 a.m., 23 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.11 / 10.1.x < 10.1.6 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.25 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.16 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. - A cross-site scripting (XSS) vulnerability in Palo Al...

CVSS: 6.8, AI score: 6.3, EPSS: 0.00395
Exploits: 0, References: 2
CNNVD
added 2023/12/13 12:0 a.m., 4 views

Palo Alto Networks PAN-OS Security Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS that stems from the presence of a stored cross-site scripting (XSS) vulnerability. Affected products and versions: Palo Alto Networks PAN-OS...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00415
Exploits: 0, References: 3
Prion
added 2015/03/23 4:59 p.m., 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cmscalendar page to cms/index.php; unspecified fields in (3) the cmspolls page to cms/index.php or (4) a new topic...

CVSS: 3.5, AI score: 5.7, EPSS: 0.01519
Exploits: 1, References: 5, Affected Software: 1