15 matches found
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...
actscene-ocr (>=0.1.3 <=0.1.5), agent-zero (>=0.1.0 <=0.1.2) +76 more potentially affected by CVE-2026-44660 via ujson (>=5.0.0 <=5.12.0)
ujson PYPI version =5.0.0, =0.1.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0a2, =2.2.0, =6.2.0.dev68, =0.1.0, =0.0.23, =0.1.0, =2.0.12, =0.0.59, =0.1.0, =8.124.0, =8.125.0 and more Source cves: CVE-2026-44660 Source advisory: SNYK:PYTHON-UJSON-16643463...
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux_2_34_x86_64.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux234x8664.whl Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5,...
CVE-2025-67719
Summary: CVE-2025-67719 affects Ibexa’s User Bundle in the Ibexa DXP. Versions 5.0.0-beta1–5.0.3 lack proper password-change validation due to an error introduced during the v4→v5 transition, allowing a logged-in attacker with an unattended session to change a user’s password without knowing the ...
CVE-2025-36225 IBM Aspera Faspex information disclosure
IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...
africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2757 more potentially affected by CVE-2024-38819 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.39)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.12, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...
GHSA-M9G8-FXXM-XG86 Django SQL injection in HasKey(lhs, rhs) on Oracle
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. Applications that use the...
PT-2024-20119 · Unifier +1 · Unifier +1
Name of the Vulnerable Software and Affected Versions: Unifier and Unifier Cast versions 5.0 or later Description: The issue is related to incorrect default permissions. If exploited, it may allow arbitrary code execution with LocalSystem privilege, potentially leading to the installation of...
CVE-2023-45859
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...
Vinchin Backup and Recovery Security Vulnerabilities
Vinchin Backup and Recovery is an easy-to-use, safe and reliable virtual machine data protection software from China Yunqi Technology Vinchin. It is used for backup and recovery. A security vulnerability exists in Vinchin Backup and Recovery that stems from the presence of a command injection...
SUSE CVE-2005-1974
Unspecified vulnerability in Java 2 Platform, Standard Edition J2SE 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.207, as used in multiple products and platforms including 1 HP-UX and 2 APC PowerChute, allows applications to assign permissions to themselves and gain privileges...
IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-08943)
IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.5, 5.0.7...
Fortinet FortiManager SQL Injection Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains ADOM to further simplify multi-device security deployment and managemen...