19 matches found
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...
ROOT-APP-NPM-CVE-2026-33750 CVE-2026-33750 in @rootio/brace-expansion - Patched by Root
Root has patched CVE-2026-33750 in the @rootio/brace-expansion package for Root:npm. Multiple fixed versions available...
Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.20 / 10.4.x < 11.3.5 (JSDSERVER-16574)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16574 advisory. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750
Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...
Security Bulletin: There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33750)
Summary There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to...
Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.10 (CONFSERVER-103710)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103710 advisory. - This DoS Denial of Service vulnerability allows an unauthenticated attacker to cause a resource to be unavailable for its intended users by...
CLEANSTART-2026-BE61221 Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0
Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-33750
creationtimestamp| type| source ---|---|--- 2026-03-31 12:00:53+00:00| seen| https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mie4w26gcf25 2026-03-31 17:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0386/ 2026-05-20 14:10:21+00:00| seen|...
CVE-2026-33750 vulnerabilities
Vulnerabilities for packages: vitess, pulumi, rancher-api-ui, lerna, sqlpad, saf, py3-jupyterlab, kubeflow-centraldashboard, renovate, serve, eslint, langfuse, prism, npm, opensearch-dashboards, tileserver-gl, argo-workflows...
Linux Distros Unpatched Vulnerability : CVE-2026-33750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace patter...
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
03-gs-ee-6 (=0.3.5), @albgen/capacitor-escpos-plugin (>=0.0.4 <=1.0.1) +2917 more potentially affected by CVE-2026-33750 via brace-expansion (>=4.0.0 <=5.0.2)
brace-expansion NPM version =4.0.0, =0.0.4, =1.1.7, =1.1.8 - @angranit/fantom-virma =0.1.0 - @angranit/first-step-to-get-tea =0.1.0 - @angranit/hapeipons =1.1.2 - @angranit/nearly-vm =0.1.0 - @angranit/newme-project =0.1.0 - @angranit/npmjs-for-tea-project =0.1.0 - @angranit/phantompirs =0.1.0 -...
03-gs-ee-6 (=0.3.5), @albgen/capacitor-escpos-plugin (>=0.0.4 <=1.0.1) +2917 more potentially affected by CVE-2026-33750 via brace-expansion (>=4.0.0 <=5.0.2)
brace-expansion NPM version =4.0.0, =0.0.4, =1.1.7, =1.1.8 - @angranit/fantom-virma =0.1.0 - @angranit/first-step-to-get-tea =0.1.0 - @angranit/hapeipons =1.1.2 - @angranit/nearly-vm =0.1.0 - @angranit/newme-project =0.1.0 - @angranit/npmjs-for-tea-project =0.1.0 - @angranit/phantompirs =0.1.0 -...
jo-cli (=1.0.2) potentially affected by CVE-2026-33750 via brace-expansion (=3.0.0)
brace-expansion NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on brace-expansion and may be impacted: - jo-cli =1.0.2 Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...
jo-cli (=1.0.2) potentially affected by CVE-2026-33750 via brace-expansion (=3.0.0)
brace-expansion NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on brace-expansion and may be impacted: - jo-cli =1.0.2 Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...
@activepieces/piece-google-gemini (=0.1.6), @activepieces/piece-google-vertexai (=0.1.2) +9 more potentially affected by CVE-2026-33750 via brace-expansion (>=2.0.0 <=2.0.2)
brace-expansion NPM version =2.0.0, =0.2.1, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...
@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +20 more potentially affected by CVE-2026-33750 via brace-expansion (>=1.1.0 <=1.1.11)
brace-expansion NPM version =1.1.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.1.1, =1.0.3-dev.20180316T104657Z.4a84a30, =1.1.0 and more Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...
@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +21 more potentially affected by CVE-2026-33750 via brace-expansion (>=0.0.0 <=1.1.11)
brace-expansion NPM version =0.0.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.0.0, =1.1.1, =1.1.1-dev.20200708T085824Z.de039d8.FLUID-6524 and more Source cves: CVE-2026-33750 Source advisory: OSV:GHSA-F886-M6HF-6M8V...