
5 matches found

IBM Security Bulletins
added 2026/04/20 8:18 a.m., 4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)

Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...

CVSS: 9.8, AI score: 6, EPSS: 0.01049
Exploits: 0, Affected Software: 1
OpenVAS
added 2026/03/27 12:0 a.m., 3 views

openSUSE Security Advisory (SUSE-SU-2026:1008-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01535
Exploits: 3, References: 8
Tenable Nessus
added 2026/03/26 12:0 a.m., 3 views

SUSE SLED15: firewalld-prometheus-config / golang-github-prometheus-alertmanager / etc (SUSE-SU-2026:1008-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1008-1 advisory. golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: - Internal changes...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01535
Exploits: 3, References: 16
RedhatCVE
added 2026/02/09 9:32 p.m., 6 views

CVE-2026-1615

A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the static-eval module for processing user-supplied input leads to unsafe evaluation. Successful...

CVSS: 9.8, AI score: 6.1, EPSS: 0.01049
Exploits: 0, References: 6
vulnersOsv
added 2025/06/20 1:3 a.m., 7 views

7ghost (>=4.11.0 <=4.11.46), @accordproject/concerto-ui-react (>=0.6.0 <=0.83.1-20200224151908) +270 more potentially affected by CVE-2026-1615 via jsonpath (>=1.0.0 <=1.2.1)

jsonpath NPM version =1.0.0, =4.11.0, =0.6.0, =0.82.10-20200221024018, =1.0.0, =1.1.0, =3.0.6371, =4.0.2, =2.0.4, =0.2.0, =4.0.149, =3.0.129, =4.0.174, =0.11.8, =1.2.5, =1.4.0 and more Source cves: CVE-2026-1615 Source advisory: SNYK:JS-JSONPATH-13645034...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01049
Exploits: 0