31 matches found
Ally – Web Accessibility & Usability <= 4.0.3 - SQL Injection
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses socket.io-parser-4.2.4 in inspections app which is vulnerable to CVE-2026-33151
Summary IBM Maximo Application Suite - Manage Component uses socket.io-parser-4.2.4 in inspections app which is vulnerable to CVE-2026-33151 Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior t...
Important: Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image
A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, an...
Important: Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image
A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, an...
CVE-2026-2413
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the getglobalremediations method, where it is directly concatenated...
Security Bulletin: IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2667)
Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-2667 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive system information about the server to a privileged...
Security Bulletin: Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-51441 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-side request forgery, caused by a improper input...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms
Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabili...
farnambaspar.com Cross Site Scripting vulnerability OBB-4042886
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
evreka.gr Cross Site Scripting vulnerability OBB-4042750
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2024-31141)
Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect privilege manageme...
dev3.host-world.com Cross Site Scripting vulnerability OBB-4040098
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
caribehost.co Cross Site Scripting vulnerability OBB-4038679
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
budgetsuites.com Cross Site Scripting vulnerability OBB-4038474
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cn-kak.com Cross Site Scripting vulnerability OBB-4032861
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: Vulnerability in snappy-java affects watsonx.data
Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...
Security Bulletin: Vulnerability in libndp (CVE-2024-5564) affects Power HMC.
Summary The libndp library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-5564 DESCRIPTION: libndp is vulnerable to a buffer overflow, caused by improper bounds checking by NetworkManager. By sending a specially crafted...
CVE-2024-9537
ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines...
CVE-2024-9537 ScienceLogic SL1 unspecified vulnerability
ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines...
CVE-2024-9537
ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines...