CVE-2026-8479

IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is...

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...

EUVD-2025-208675

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

CVE-2025-6969

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input...

CVE-2025-52458

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios...

Adobe Substance3D Sampler 缓冲区错误漏洞

Adobe Substance3D Sampler is a software for rendering 3D scenes from Audobee Adobe USA. A buffer error vulnerability exists in Adobe Substance3D Sampler 5.1.0 and prior versions, which stems from an out-of-bounds write and could lead to the execution of arbitrary code...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to various issues identified within the package CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263. Huggingface/transformers is used in our speech service runtimes. This...

CVE-2025-11128 Feedzy RSS Feeds Lite <= 5.1.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.1.0 via the 'feedzysanitizefeeds' function. This makes it possible for authenticated attackers...

CVE-2025-26860

RemoteCall Remote Support Program for Operator versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

chromatrace (>=0.1.6 <=0.1.7), ddos-blocker (>=0.0.3 <=0.0.13) +21 more potentially affected by CVE-2025-59681 via django (>=5.1.0 <=5.1.12)

django PYPI version =5.1.0, =0.1.6, =0.0.3, =0.0.15, =2.7.0, =1.0.3, =0.6.2, =5.1.0, =0.2.30, =1.42.2, =1.21.0, =1.21.1.dev5 and more Source cves: CVE-2025-59681 Source advisory: OSV:PYSEC-2025-106...

CVE-2025-59154 Openfire allows potential identity spoofing via unsafe CN parsing

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user identities from X.509 certificates. Instead of parsing the structured ASN.1 data, the code calls...

Openfire 安全漏洞

Openfire is an open source real-time collaboration RTC server from Ignite Realtime. A security vulnerability exists in Openfire versions 5.0.2 and 5.1.0 that stems from not properly handling user identities in X.509 certificates, which could allow an attacker to impersonate another user...

Improper Verification of Cryptographic Signature

Overview @node-saml/node-saml is a SAML 2.0 implementation for Node.js Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to loading assertions from unsigned response documents. An attacker can alter authentication details, such as modifying t...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a null pointer dereference in the PDF Preview module, and can ...

RT-Thread 输入验证错误漏洞

RT-Thread is an open source IoT real-time operating system RTOS from RT-Thread Open Source. An input validation error vulnerability exists in RT-Thread version 5.1.0, which stems from improper array index validation due to the operation of the parameter how in the file...

CVE-2023-51065

Incorrect access control in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server...

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara cmlara in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Drupal Enterprise MFA - TFA for Drupal module 4.7.0,5.0.0-5.1.0 - Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Juraj Nemec poker10 in WordPress Module Enterprise MFA - TFA for Drupal versions 4.7.0,5.0.0-5.1.0...

Novel-Plus 注入漏洞

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. An injection vulnerability exists in Novel-Plus version 5.1.0, which stems from the improper handling of the parameter sort by the function searchByPage in the file /book/searchByPage, resulting in SQL injection...