14813 matches found
Incorrect Authorization
Overview openharness-ai is an Open-source Python port of Claude Code - an AI-powered CLI coding assistant Affected versions of this package are vulnerable to Incorrect Authorization due to inconsistent parameter handling in permission enforcement within the readfile, writefile, editfile, and...
CVE-2026-39318
CVE-2026-39318 affects ChurchCRM prior to 7.1.0, where the GroupPropsFormRowOps.php file renders user-provided Field input directly into SQL queries. The underlying issue is improper sanitization, and specifically that mysqli_real_escape_string() does not escape backtick characters, enabling an a...
CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations...
CVE-2025-65116
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...
CVE-2025-65115
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...
EUVD-2025-209257
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...
CVE-2025-65116
Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...
CVE-2025-65115
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...
CVE-2025-65115 Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM
Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...
LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations
Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation. Challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...
Why Every Enterprise Needs a Risk Operations Center (ROC)
Enterprise security has long optimized for speed of response over prevention of risk. At Qualys, we recognized early that this left half the problem unsolved, and we have spent years building the operational frameworks to close that gap. The Risk Operations Center is the result. Here is a scenari...
EUVD-2026-19323
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations...
EUVD-2025-209222
Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information Disclosure, Buffer Overflow and Denial of Service (DoS) due to Java JSON library ('Jackson')
Summary Jackson is used in Apache Solr, Apache ZooKeeper, and Logstash by IBM Operations Analytics - Log Analysis as part of parsing, generating, or serialising JSON data as part of their request handling, configuration processing, or structured logging workflows. CVE-2025-49128, CVE-2025-52999,...
Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling
Summary Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...
CVE-2026-21372
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations...
CVE-2026-32602
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...
CVE-2026-32602 Homarr has a Race Condition in Invite Token Registration (TOCTOU)
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...
EUVD-2026-19277
Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI
Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...