48 matches found

IBM Security Bulletins
added 2026/03/27 5:59 p.m. · 3 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io

Summary: IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details: CVEID: CVE-2021-29425. DESCRIPTION: In Apache Commons IO before 2.7, when invoking the...

CVSS 5.8 · AI score 5.9 · EPSS 0.10608
Exploits: 1 · Affected Software: 1

RedhatCVE
added 2026/03/26 3:9 p.m. · 1 view

CVE-2026-27217

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...

CVSS 5.5 · AI score 5.8 · EPSS 0.0013
Exploits: 0 · References: 1

SUSE CVE
added 2026/02/26 12:25 a.m. · 1 view

SUSE CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2 · AI score 5.8 · EPSS 0.00274
Exploits: 1 · References: 4

Vulnrichment
added 2026/01/20 3:43 p.m. · 2 views

CVE-2025-36411 Multiple vulnerabilities found in IBM ApplinX.

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 3.5 · AI score 5.4 · EPSS 0.00101
Exploits: 0 · References: 1

Positive Technologies
added 2026/01/20 12:0 a.m. · 4 views

PT-2026-3627

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 3.5 · AI score 5.4 · EPSS 0.00101
Exploits: 0 · References: 2

NVD
added 2025/12/08 10:15 p.m. · 3 views

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVSS 2.7 · EPSS 0.0019
Exploits: 0 · References: 1

SUSE CVE
added 2025/11/29 12:23 a.m. · 3 views

SUSE CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

CVSS 7.5 · AI score 8.4 · EPSS 0.03026
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-30821

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00174
Exploits: 0 · References: 2

CVE
added 2025/09/22 11:6 a.m. · 22 views

CVE-2025-9983

The CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...

CVSS 7.1 · AI score 6.6 · EPSS 0.00622
Exploits: 2 · References: 2

CNNVD
added 2025/09/22 12:0 a.m. · 2 views

IBM webMethods Integration Code Issue Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A code issue vulnerability exists in IBM webMethods Integration versions 10.15 and 11.1 that stems from vulnerability to server-side request forgery attacks that could result in unauthorized request...

CVSS 5.4 · AI score 6.6 · EPSS 0.00174
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:17 a.m. · 2 views

CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440...

CVSS 7.5 · AI score 6.4 · EPSS 0.00782
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:17 a.m. · 2 views

CVE-2023-30446

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361...

CVSS 7.5 · AI score 6.4 · EPSS 0.01115
Exploits: 0 · References: 1

CNVD
added 2025/03/13 12:0 a.m. · 5 views

Unspecified Vulnerability in IBM EntireX

IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A security vulnerability exists in IBM EntireX version 11.1, which stems from a security issue that can...

CVSS 3.3 · AI score 6.4 · EPSS 0.00132
Exploits: 0 · References: 1

OSV
added 2024/12/19 2:15 a.m. · 3 views

CVE-2023-30443

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query...

CVSS 6.5 · AI score 5.5 · EPSS 0.00375
Exploits: 0 · References: 1

CNNVD
added 2024/11/01 12:0 a.m. · 5 views

IBM CICS TX Standard Cross-Site Scripting Vulnerability

IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in IBM CICS TX Standard version 11.1, which stems from...

CVSS 6.1 · AI score 6.2 · EPSS 0.00258
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/03 12:0 a.m. · 2 views

PT-2024-12763 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5. Description: The issue concerns sensitive information disclosure when using ADMIN CMD with IMPORT or EXPORT. This affects the specified versions of...

CVSS 6.8 · AI score 9 · EPSS 0.00567
Exploits: 0 · References: 6

OSV
added 2024/01/11 4:15 p.m. · 3 views

CVE-2023-5118

The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text is not adequately sanitized and validated. This allows for the injection of malicious...

CVSS 5.4 · AI score 5.7 · EPSS 0.00335
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/11 12:0 a.m. · 4 views

PT-2024-14062 · Kofax +1 · Capture +1

Name of the Vulnerable Software and Affected Versions: Software versions prior to 11.1.x. Description: The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint "/sofer/DocumentService.asc/SaveAnnotation", where input data transmitted via the POST method in the parameters...

CVSS 5.4 · AI score 5.3 · EPSS 0.00335
Exploits: 0 · References: 6

OSV
added 2024/01/04 1:15 a.m. · 1 view

CVE-2024-20808

Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows a local attacker to access data...

CVSS 5.5 · AI score 5.8 · EPSS 0.00138
Exploits: 0 · References: 1

OSV
added 2023/12/04 2:15 a.m. · 1 view

CVE-2023-38727

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257...

CVSS 7.5 · AI score 7.8 · EPSS 0.01053
Exploits: 0 · References: 3