8 matches found
Security Bulletin: IBM WebSphere Automation is vulnerable to an arbitrary code execution (CVE-2025-27363).
Summary: IBM WebSphere Automation is vulnerable to an arbitrary code execution. Vulnerability Details: CVEID: CVE-2025-27363. DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structure...
PT-2025-13: Bypass Regular Expression Denial of Service (ReDoS) in jsPDF
The vulnerability was identified in the jsPDF library, versions prior to 3.0.0. The discovered vulnerability allows an attacker to pass unsanitized image URLs to the vulnerable method, which results in high CPU utilization and denial of service. Vulnerability status: Confirmed by vendor. Date of...
Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary: A potential vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).
Summary: The Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of the cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server
Summary: IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ has been published in a security bulletin: CVE-2024-51471, CVE-2024-51470, CVE-2024-52898, CVE-2024-52897, CVE-2024-52896. Vulnerability Details: Refer to the security bulletins...
PT-2024-6044 · Es5-Ext +2 · Es5-Ext +2
Name of the Vulnerable Software and Affected Versions: es5-ext versions prior to 0.10.63. Description: The issue is related to the es5-ext package, which contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or...
PT-2023-30247 · Unknown · Peppermint Ticket Management
Name of the Vulnerable Software and Affected Versions: Peppermint Ticket Management versions prior to 0.2.4. Description: The issue allows remote attackers to read arbitrary files via a "/api/v1/users/file/download?filepath=./../" POST request. This is a significant security concern as it...
y-o-r.co.jp XSS vulnerability
Open Bug Bounty ID: OBB-83373

Description | Value
---|---
Affected Website: | y-o-r.co.jp
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...