Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.25 Vulnerability Details CVEID:CVE-2026-30951 DESCRIPTION: Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672

Summary IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33671...

List of Security Fixes and Improvements in Veeam Service Provider Console

Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam Service Provider Console. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to help...

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch (CVE-2026-33671, CVE-2026-33672)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch CVE-2026-33671, CVE-2026-33672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...

Security Bulletin: IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Edge Data Collector uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior t...

Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)

Summary There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regula...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672.

Summary IBM Maximo Application Suite - Monitor Component uses picomatch-2.3.1.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, an...

ROOT-APP-NPM-CVE-2026-33671 CVE-2026-33671 in @rootio/picomatch - Patched by Root

Root has patched CVE-2026-33671 in the @rootio/picomatch package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33672 CVE-2026-33672 in @rootio/picomatch - Patched by Root

Root has patched CVE-2026-33672 in the @rootio/picomatch package for Root:npm. Multiple fixed versions available...

Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

...

Picomatch has a ReDoS vulnerability via extglob quantifiers

...

Linux Distros Unpatched Vulnerability : CVE-2026-33671

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when...

Linux Distros Unpatched Vulnerability : CVE-2026-33672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the...

CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

DEBIAN-CVE-2026-33671

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

DEBIAN-CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...

CVE-2026-33672

Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to a method injection vulnerability affecting the POSIXREGEXSOURCE object. Because the object inherits from Object.prototype, specially crafted POSIX bracket expressions e.g., :constructor: ca...