23 matches found
IBM: Reflected Cross-Site Scripting (XSS) found on IBM.com domain
A reflected Cross-Site Scripting (XSS) vulnerability was found on the IBM.com domain. The vulnerability was reported to IBM, analyzed, and remediated. The external researcher who reported the issue was acknowledged...
IBM: Middleware Authentication Bypass on IBM Portal
The vulnerability of middleware authentication bypass on the IBM Portal endpoint was reported, analyzed, and remediated. The discovery was reported by an external researcher...
IBM: Information disclosure on IBM training service endpoint
The IBM training service endpoint had an information disclosure vulnerability that was reported to IBM, analyzed, and remediated. The vulnerability was discovered and reported by an external researcher...
PT-2025-39219
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 140.0.7339.207. Description: An integer overflow in the V8 JavaScript engine within Google Chrome could lead to heap corruption. This issue potentially allows a remote attacker to exploit the system through a...
IBM: POST based Cross-Site Scripting on IBM research endpoint
The POST-based Cross-Site Scripting vulnerability on the IBM research endpoint was reported, analyzed, and remediated. The vulnerability was discovered by an external researcher...
IBM: SSRF via host header let access localhost via https://go.dialexa.com
The SSRF vulnerability via the host header was reported to IBM, analyzed, and remediated. The external researcher @mersa-v6 discovered this issue...
IBM: IBM OpenPages vulnerable to exposure of sensitive information
The IBM OpenPages vulnerability that exposed sensitive information was reported, analyzed, and remediated. The vulnerability was discovered by an external researcher...
IBM: S3 Bucket Takeover on apptio endpoint
The S3 bucket takeover vulnerability on the Apptio endpoint was reported, analyzed, and remediated. The external researcher who discovered the issue was thanked...
IBM: XSS in IBM InfoCenter
The IBM InfoCenter was found to have an XSS vulnerability. The issue was reported to IBM, analyzed, and has been remediated...
IBM: XSS in Aspera documentation website
The XSS vulnerability in the Aspera documentation website was reported to IBM, analyzed, and subsequently remediated. The external researcher who discovered the flaw was acknowledged for their contribution...
IBM: Improper Authentication on Alertmanager instance
Improper authentication was configured on an alertmanager instance. The issue was reported to IBM, analyzed, and remediated...
IBM: Unauthenticated Remote Access to Testing Endpoint
Unauthenticated remote access to a testing endpoint was reported, analyzed and remediated...
IBM: Jenkins server access due to weak password
Jenkins server access was gained due to a weak password. The issue was reported to IBM, analyzed, and remediated...
IBM: response manipulation leads to bypass in register at employee website then 0 click account takeover
Vulnerability description not provided...
IBM: Subdomain Takeover Affecting at vex.weather.com
Vulnerability description not provided...
IBM: IBM Maximo Asset Management could allow a remote attacker to bypass authentication due to improper access controls
Improper access controls in IBM Maximo Asset Management could allow a remote attacker to bypass authentication. This issue was reported to IBM, analyzed, and remediated...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 108 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 108.0.5359.71 Mac/Linux and 108.0.5359.71/72 Windows contains a number of fixes and improvements -- a list of changes is...
Stable Channel Update for Desktop
The stable channel has been updated to 84.0.4147.135 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...
Central Security Project: OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manager 2.14.15-01 Command Injection fix
https://support.sonatype.com/hc/en-us/articles/360033490774 An OS command injection vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows for an attacker with administrative access to nxrm to execute arbitrary commands on the system. We...
Stable Channel Update for Desktop
The stable channel has been updated to 62.0.3202.89 for Windows, Mac and Linux which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions...