Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic. CVE-2025-14505 The vulnerability have been addressed Vulnerability Details CVEID:CVE-2025-14505 DESCRIPTION: The ECDSA implementation of the Elliptic package generates incorrect signatures if a...

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

IBM Sterling B2B Integrator和IBM Sterling File Gateway 安全漏洞

IBM Sterling B2B Integrator is a flexible integration platform that simplifies complex B2B and Electronic Data Interchange EDI processes across the partner ecosystem, supports local and hybrid cloud deployments, ensures data security, and provides high availability guarantees.IBM Sterling File...

EUVD-2025-34752

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...

EUVD-2023-52427

Malicious code in bioql PyPI...

IBM InfoSphere Information Server SQL注入漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An SQL injection vulnerability exists in IBM InfoSphere Information Server version 11.7 that ste...

Unauthorized Access Vulnerability in the Integration Platform of Beijing UFIDA Government Affairs Software Co.

Beijing UFIDA Government Software Co., Ltd. is an all-round business management informatization solution provider for government departments, institutions and non-profit organizations. An unauthorized access vulnerability exists in the integration platform of Beijing UFIDA Government Affairs...

GHSA-XMHH-XRCC-MX36 Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

Celebrating a Milestone: 100 WIN Integrations and Counting!

The Wiz INtegration WIN Platform has come a long way in the year since it launched...

Cross Site Scripting (XSS)

Sentry is vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of input sanitization for payloads sent from Integration platform integrations, which allows arbitrary HTML tags to be stored and rendered on the Issues page...

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVE-2024-41656 Sentry vulnerable to stored Cross-Site Scripting (XSS)

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVE-2024-41656

Sentry vulnerability CVE-2024-41656 affects self-hosted Sentry versions 10.0.0 to before 24.7.1, where an unsanitized payload from an Integration platform could store arbitrary HTML that is later rendered on the Issues page. The issue is mitigated for Sentry SaaS (already patched) and on sentry.i...

GHSA-FM88-HC3V-3WWW Sentry vulnerable to stored Cross-Site Scripting (XSS)

Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...

Sentry vulnerable to stored Cross-Site Scripting (XSS)

Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise has a...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVE-2023-52239

The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...

CVE-2023-52239

CVE-2023-52239 affects Magic xpi Integration Platform 4.13.4. The XML parser is vulnerable to XML External Entity (XXE) attacks, e.g., via onItemImport. Impacts include potential disclosure or manipulation of downstream data where XML is processed; exploitation details are not fully provided in t...