Lucene search

14846 matches found

Snyk
added 2026/03/19 10:46 p.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the muldi3 process. An attacker can infer sensitive cryptographic data by measuring execution time variations during cryptographic operations on RISC-V RV32I architectures. Remediation: Upgrade wolfssl to version...

CVSS 5.9, AI score 5.9, EPSS 0.00012
Exploits 0, References 2
Snyk
added 2026/03/19 6:37 p.m., 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure when applying isFilterable to sensitive data. By adding malicious uniqueness filters to the where clause of an update or delete operation, a user can infer the presence of specific values in records the user does no...

CVSS 4.3, AI score 5.8, EPSS 0.00062
Exploits 0, References 2
IBM Security Bulletins
added 2026/03/19 1:34 p.m., 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary: Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser. Vulnerability Details: CVEID: CVE-2025-58754. DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

CVSS 7.5, AI score 7.4, EPSS 0.0034
Exploits 1, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:32 p.m., 4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary: Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations. Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

CVSS 5.3, AI score 5.8, EPSS 0.00099
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:30 p.m., 6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8916

Summary: Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations. Vulnerability Details: CVEID: CVE-2025-8916. DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules...

CVSS 6.3, AI score 5.8, EPSS 0.00272
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:29 p.m., 4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-11831

Summary: Node is used by the IBM Datapower Operations Dashboard in their network implementation. Vulnerability Details: IBM X-Force ID: 351136. DESCRIPTION: Node.js npm inflight module is vulnerable to a denial of service, caused by the failure to properly delete keys from the reqs object after...

CVSS 5.4, AI score 6, EPSS 0.01098
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:28 p.m., 4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109

Summary: zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security. Vulnerability Details: CVEID: CVE-2023-34109. DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...

CVSS 7.5, AI score 5.7, EPSS 0.00399
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:27 p.m., 4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795

Summary: Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation. Vulnerability Details: CVEID: CVE-2025-61795. DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...

CVSS 5.3, AI score 5.7, EPSS 0.00129
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2026/03/19 1:24 p.m., 11 views

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary: Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation. Vulnerability Details: CVEID: CVE-2025-48734. DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

CVSS 8.8, AI score 6.1, EPSS 0.00258
Exploits 1, Affected Software 1
EUVD
added 2026/03/19 9:30 a.m., 3 views

EUVD-2024-55477

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, AI score 5.6, EPSS 0.00041
Exploits 0, References 2
NVD
added 2026/03/19 8:16 a.m., 4 views

CVE-2024-42210

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, EPSS 0.00041
Exploits 0, References 2
Vulnrichment
added 2026/03/19 7:32 a.m., 3 views

CVE-2024-42210 HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, AI score 5.6, EPSS 0.00041
Exploits 0, References 1
Cvelist
added 2026/03/19 7:32 a.m., 21 views

CVE-2024-42210 HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, EPSS 0.00041
Exploits 0, References 1
CVE
added 2026/03/19 7:32 a.m., 7 views

CVE-2024-42210

CVE-2024-42210 affects HCL Unica Marketing Operations v12.1.8 and earlier. It is a Stored XSS vulnerability (second-order/persistent XSS) where data from untrusted sources can be included in later HTTP responses in an unsafe manner. The CVSS 3.1 base metrics indicate a HIGH severity (7.6) with ne...

CVSS 7.6, AI score 5.6, EPSS 0.00041
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added 2026/03/19 7:32 a.m., 2 views

CVE-2024-42210

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, AI score 5.6, EPSS 0.00041
Exploits 0, References 2, Affected Software 1
NVD
added 2026/03/19 2:16 a.m., 1 view

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVSS 7.1, EPSS 0.00018
Exploits 0, References 3
CNNVD
added 2026/03/19 12:0 a.m., 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions 2026.2.22 and 2026.2.23 of OpenClaw contain security vulnerabilities. These vulnerabilities stem from an authorization bypass issue in the synology-chat plugin. This could allow attackers to circumvent...

CVSS 9.8, AI score 5.8, EPSS 0.00071
Exploits 0, References 4
CNNVD
added 2026/03/19 12:0 a.m., 4 views

HCL Unica Marketing Operations Security Vulnerability

HCL Unica Marketing Operations is a marketing activity management platform of the Indian company HCL. Versions of HCL Unica Marketing Operations 12.1.8 and earlier contained security vulnerabilities. These vulnerabilities were due to improper handling of data from unreliable sources, and could le...

CVSS 7.6, AI score 5.7, EPSS 0.00041
Exploits 0, References 1
Positive Technologies
added 2026/03/19 12:0 a.m., 3 views

PT-2026-26260

A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting, also known as second-order or persistent XSS, arises when an application receives data from an untrusted source and includes that data within its later HTTP...

CVSS 7.6, AI score 5.6, EPSS 0.00041
Exploits 0, References 3
CVE
added 2026/03/18 5:41 p.m., 10 views

CVE-2026-23255

The connected Amazon Linux advisory confirms CVE-2026-23255 is a Linux kernel vulnerability where /proc/net/ptype lacked proper RCU protection. The fix adds an explicit device pointer tracking and ensures RCU-compliant reads in ptype_seq_show(), with full READ_ONCE protection in ptype_seq_next() ...

CVSS 5.5, AI score 5.7, EPSS 0.0003
Exploits 0, References 5, Affected Software 1