1176 matches found
CVE-2026-23926
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...
EUVD-2026-27527
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...
PT-2026-37344
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated administrator without super-user privileges can inject a JavaScript payload when creating a maintenance period. This payload is executed when an...
Malicious Package
Overview blackbeards-navigator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in blackbeards-navigator (npm)
Four pirate-themed npm packages blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost were published by the npm account beusy with heavily inflated version numbers 209.0.0–210.0.0, a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
MAL-2026-3199 Malicious code in blackbeards-navigator (npm)
Four pirate-themed npm packages blackbeards-navigator, beusy, sirens-lament, gunpowder-ghost were published by the npm account beusy with heavily inflated version numbers 209.0.0–210.0.0, a hallmark of dependency confusion attacks. Each package contains identical malicious lifecycle scripts...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch. CVE-2026-26996 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting gl...
Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic
Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic. CVE-2025-14505 The vulnerability have been addressed Vulnerability Details CVEID:CVE-2025-14505 DESCRIPTION: The ECDSA implementation of the Elliptic package generates incorrect signatures if a...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Lodash
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Lodash. CVE-2025-13465 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js. CVE-2026-32141, CVE-2026-0540, CVE-2026-2327, CVE-2026-27903, CVE-2026-27904. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3214...
Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart
Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in pythonmultipart. CVE-2026-24486 vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2026-16875)
IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...
CVE-2026-1243
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
EUVD-2026-18112
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243 IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-1243
IBM Content Navigator is affected by CVE-2026-1243: vulnerable versions 3.0.15, 3.1.0, and 3.2.0 allow an authenticated user to embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted session. Remediation per IBM Security Bulletin: upgrade to 3.0.15 IF009, 3....
CVE-2026-1243 IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2026-29656
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...