
8281 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 5 views

Microsoft 365 Copilot BizChat injection vulnerability

Microsoft 365 Copilot BizChat is an AI chat software developed by Microsoft Corporation. There is a vulnerability in Microsoft 365 Copilot BizChat, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability could allow unauthorized...

CVSS 7.5 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/06 9:55 p.m. | 4 views

icarus (>=0.2.0 <=0.5.8), icarus-core (>=0.1.0 <=0.5.8) +9 more potentially affected by CVE-2026-42559 via rmcp (>=0.1.1 <=0.6.4)

rmcp CARGO version =0.1.1, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2026-42559 Source advisory: OSV:GHSA-89VP-X53W-74FX...

CVSS 8.8 | AI score 5.8 | EPSS 0.00006
Exploits: 0

Snyk
added 2026/05/06 7:32 p.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by sending malicious FormData in an HTTP request...

CVSS 8.7 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2

Snyk
added 2026/05/06 7:32 p.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via server function endpoints. An attacker can cause out-of-memory exceptions or induce excessive CPU usage by...

CVSS 8.7 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2

IBM Security Bulletins
added 2026/05/06 4:21 p.m. | 7 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-27448 DESCRIPTION: pyOpenSSL is a Python wrappe...

CVSS 9.8 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2026/05/06 1:50 p.m. | 4 views

CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management SM is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

CVSS 4.6 | AI score 5.8 | EPSS 0.00113
Exploits: 0 | References: 1

EUVD
added 2026/05/06 12:30 p.m. | 3 views

EUVD-2025-209661

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 3.7 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 2

Rockylinux
added 2026/05/06 12:0 p.m. | 5 views

grafana-pcp security update

An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

CVSS 7.5 | AI score 5.9 | EPSS 0.00021
Exploits: 0

NVD
added 2026/05/06 11:16 a.m. | 4 views

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 9.8 | EPSS 0.00054
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 10:24 a.m. | 3 views

CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 3.7 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/06 10:24 a.m. | 3 views

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 3.7 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 2

CVE
added 2026/05/06 10:24 a.m. | 15 views

CVE-2025-59851

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 9.8 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/06 10:24 a.m. | 30 views

CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 3.7 | EPSS 0.00054
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/06 12:0 a.m. | 4 views

RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...

CVSS 8.8 | AI score 7.3 | EPSS 0.01863
Exploits: 1 | References: 29

CNNVD
added 2026/05/06 12:0 a.m. | 4 views

HCL DFXAnalytics security vulnerability

HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from the use of components with known vulnerabilities. The application also utilizes libraries or sub-components that are not...

CVSS 9.8 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-37439

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS 3.7 | AI score 5.8 | EPSS 0.00054
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/06 12:0 a.m. | 5 views

PT-2026-38086

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management SM affected versions not specified Description HCL BigFix Service Management SM is susceptible to a root file system not mounted as read-only. An improperly configured root file system may allow unintended...

CVSS 3.9 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/05/05 2:43 p.m. | 8 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios i...

CVSS 9.8 | AI score 7.5 | EPSS 0.0008
Exploits: 8 | Affected Software: 1

OSV
added 2026/05/05 11:40 a.m. | 1 views

MAL-2026-3339 Malicious code in nf-ui-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5d1fc3aadbb204f6da1c0db37a6e1b540bdcc3964bd033d5657a067d7e246cc The package nf-ui-components was found to contain malicious code. Source: ghsa-malware 4ab8cac0b0cae1864121f4fd7223e6cb7bb0168d113ece4974f94aae4e2418...

AI score 5.8
Exploits: 0 | References: 1

Snyk
added 2026/05/05 11:40 a.m. | 6 views

Malicious Package

Overview nf-ui-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2