MAL-2025-190811 Malicious code in @ensdomains/server-analytics (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94dd4c8b8f01e631a4c2d9a19e272458d58a22a5a20c89b97603a94e2b68c4a3 The package @ensdomains/server-analytics was found to contain malicious code. Source: ghsa-malware...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2025-36299

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

Oracle Business Intelligence Enterprise Edition (October 2025 CPU)

The 8.2.0.0.0 and 12.2.1.4.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle...

CVE-2025-36299

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

CVE-2025-36357

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

CVE-2025-36299

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

CVE-2025-36299

CVE-2025-36299 affects IBM Planning Analytics Local 2.1.0–2.1.14. The advisory states that these versions store sensitive information in source code, which could be leveraged in subsequent attacks against the system. The Fix/Remediation recommends upgrading to IBM Planning Analytics Local 2.1.15 ...

CVE-2025-36299 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

CVE-2025-36299 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system...

CVE-2025-36357 IBM Planning Analytics Local Directory Traversal

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

CVE-2025-36357 IBM Planning Analytics Local Directory Traversal

IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system...

CVE-2025-36357

IBM Planning Analytics Local (Workspace) versions 2.1.0–2.1.14 are affected by a directory traversal vulnerability that allows a remote authenticated user to view, read, or write arbitrary files by sending crafted URLs containing absolute path sequences. The issue is caused by improper handling o...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local - IBM Planning Analytics Workspace version 2.1.15. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high...

IBM Planning Analytics Local 安全漏洞

IBM Planning Analytics Local is a web-based local architecture from International Business Machines IBM. A security vulnerability exists in IBM Planning Analytics Local versions 2.1.0 through 2.1.14 that originates from storing sensitive information in the code and could lead to further attacks...

PT-2025-47205

Name of the Vulnerable Software and Affected Versions IBM Planning Analytics Local versions 2.1.0 through 2.1.14 Description IBM Planning Analytics Local versions 2.1.0 through 2.1.14 stores sensitive information within its source code. This could potentially be leveraged in subsequent attacks...

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...

CVE-2025-64292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through = 1.6.2...