MINI-25WR-QMM3-9288

Bulletin has no description...

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 / 11.0.x < 11.2.1 / 11.3.0 (JSDSERVER-16502)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16502 advisory. - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects...

Security Bulletin: Vulnerability in sha.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in sha.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

Injection in Crowd Data Center and Server

This is a vulnerability in a non-Atlassian Crowd dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Injection vulnerability known as CVE-2025-9288 was introduced in versions 2.2.6, 2.4.11, 6.2.4, 6.3.0, and 7.1.0 of Crowd Da...

Security Bulletin: Astronomer with IBM is vulnerable to improper input validation due to the sha.js package (CVE-2025-9288)

Summary Sha.js is used by Astronomer with IBM as part of the cryptographic processing functionality. Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20:...

Security Bulletin: Due to use of the sha.js library, IBM watsonx Code Assistant IDE Extensions is affected by Improper Input Validation vulnerability

Summary Sha.js is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20: Improper Inpu...

EUVD-2017-9647

Malware in sbrugna...

EUVD-2014-9288

Malware in sbrugna...

Ubuntu: Security Advisory (USN-7778-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-4302-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4302-1] node-sha.js security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4302-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 16, 2025 https://wiki.debian.org/LTS -...

Debian dla-4302 : node-sha.js - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4302 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4302-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2025-9288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CVE-2025-9288 Note that Nessus relie...

org.webjars.npm:crypto-browserify (>=3.2.6 <=3.2.8), org.webjars.npm:node-libs-browser (>=0.5.2 <=0.5.3) +1 more potentially affected by CVE-2025-9288 via org.webjars.npm:sha.js (>=2.2.6 <=2.3.6)

org.webjars.npm:sha.js MAVEN version =2.2.6, =3.2.6, =0.5.2, =0.5.3 - org.webjars.npm:shasum =1.0.1 Source cves: CVE-2025-9288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-12089401...

2d-json-schema-editor-visual (>=1.0.2 <=1.0.7), 37sy-build (>=1.0.0 <=1.3.3) +3998 more potentially affected by CVE-2025-9288 via sha.js (>=2.1.1 <=2.4.11)

sha.js NPM version =2.1.1, =1.0.2, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =0.1.6, =1.0.0, =0.0.4, =0.1.0, =7.13.4, =18.0.0, =18.1.2 - @ajhyndman/relay =1.6.0-1 and more Source cves: CVE-2025-9288 Source advisory: SNYK:JS-SHAJS-12089400...

DEBIAN-CVE-2025-9288

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11...

CVE-2025-9288

creationtimestamp| type| source ---|---|--- 2025-08-20 21:59:39+00:00| published-proof-of-concept| https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5 2025-08-21 00:01:35+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lwun7gneeo2q 2025-08-26 02:15:16+00:00...

CVE-2020-9288

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack XSS via the ESS profile or the Radius Profile...