Lucene search
+L

2513 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:36 p.m.11 views

Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597.

Summary IBM Edge Data Collector uses PyJWT-2.10.1-py3-none-any.whl, pyjwt-2.11.0-py3-none-any.whl which is vulnerable to CVE-2026-32597. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementatio...

7.5CVSS6.8AI score0.00269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:34 p.m.5 views

Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.

Summary IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:23 p.m.6 views

Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800.

Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800. This bulletin contains information addressing the vulnerabilities. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier...

9.8CVSS7AI score0.01735EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:46 a.m.5 views

Security Bulletin: IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800.

Summary IBM Edge Data Collector uses lodash-4.17.23.tgz, lodash-es-4.17.23.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800. This bulletin contains information addressing the vulnerabilities. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier...

9.8CVSS7AI score0.01735EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.5 views

The vulnerability of the GC component in the Firefox browser and the Thunderbird email client allows a hacker to trigger a service failure.

The vulnerability of the GC component in the Firefox browser and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to cause a service failure...

10CVSS7.3AI score0.00247EPSS
Exploits0References10Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/05/04 12:0 a.m.5 views

The vulnerability of the GC component in the Firefox web browser and the Thunderbird email client, which allows a hacker to trigger a service failure

The vulnerability of the GC component in the Firefox web browser and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to cause a service failure...

10CVSS7.3AI score0.00315EPSS
Exploits0References10Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 12:6 p.m.12 views

Security Bulletin: IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274.

Summary IBM Edge Data Collector uses black-24.10.0-py3-none-any.whl which is vulnerable to CVE-2026-31900, CVE-2026-32274. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-31900 DESCRIPTION: Black is the uncompromising Python code formatter...

9.8CVSS7.8AI score0.00572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:55 a.m.16 views

Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:48 a.m.8 views

Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465.

Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 11:45 a.m.5 views

Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.

Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...

7.5CVSS5.8AI score0.00444EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/29 8:17 p.m.11 views

OneCollector exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over HTTP using the OpenTelemetry.Exporter.OneCollector exporter, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause...

5.9CVSS5.5AI score0.00338EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/29 5:43 p.m.7 views

CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...

4.4CVSS5.7AI score0.00169EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 5:43 p.m.4 views

CVE-2026-26204

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...

4.4CVSS5.7AI score0.00169EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/29 5:43 p.m.15 views

CVE-2026-26204

Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...

5.5CVSS5.8AI score0.00169EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/29 5:43 p.m.7 views

EUVD-2026-26259

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...

4.4CVSS5.7AI score0.00169EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/29 5:43 p.m.31 views

CVE-2026-26204 Wazuh: Heap-based NULL WRITE Buffer Underflow in GetAlertData

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. D...

4.4CVSS0.00169EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.12 views

PT-2026-35961

Name of the Vulnerable Software and Affected Versions Wazuh versions 1.0.0 through 4.14.3 Description A heap-based out-of-bounds WRITE occurs in the GetAlertData function. This is caused by an unsigned integer underflow and pointer arithmetic wrapping, which results in a NULL byte being written...

4.4CVSS5.6AI score0.00169EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/04/23 1:26 a.m.7 views

SUSE CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

5.5CVSS5.6AI score0.00126EPSS
Exploits0References16
NVD
NVD
added 2026/04/22 2:16 p.m.6 views

CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

7.8CVSS0.00126EPSS
Exploits0References8
CVE
CVE
added 2026/04/22 1:53 p.m.22 views

CVE-2026-31455

CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...

7.8CVSS5.6AI score0.00126EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder