
35 matches found

IBM Security Bulletins
added 3 days ago · 8 views

Security Bulletin: Due to use of js-yaml-4.1.0.tgz, IBM Sterling Connect:Direct Web Services is affected by modify the prototype of the result of a parsed yaml.

Summary js-yaml-4.1.0.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64718. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

CVSS 5.3 · AI score 6.6 · EPSS 0.00034
Exploits: 0 · Affected Software: 1

vulnersOsv
added 2026/04/22 6:30 a.m. · 9 views

ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +1307 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.3.0 <=6.3.10)

org.springframework.security:spring-security-core MAVEN version =6.3.0, =0.1, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.2.2 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

CVSS 3.7 · AI score 5.8 · EPSS 0.00067
Exploits: 0

Positive Technologies
added 2026/03/20 12:00 a.m. · 3 views

PT-2026-26633

Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An issue exists in QHora where an improper restriction of communication channels to intended endpoints can allow an attacker with physical access to gain elevated privileges. The issue was exploite...

CVSS 4.2 · AI score 5.8 · EPSS 0.00027
Exploits: 0 · References: 8

Github Security Blog
added 2026/03/10 1:02 a.m. · 6 views

Actual Sync Server has an Authenticated Path Traversal

Description Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outsid...

CVSS 6.5 · AI score 5.8 · EPSS 0.00018
Exploits: 1 · References: 7 · Affected Software: 1

RedhatCVE
added 2026/02/21 7:30 p.m. · 2 views

CVE-2025-68534

Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through = 6.3.0...

CVSS 6.5 · AI score 5.5 · EPSS 0.00042
Exploits: 0 · References: 1

CVE
added 2026/02/20 3:46 p.m. · 4 views

CVE-2025-68534

CVE-2025-68534: WordPress PDF for WPForms plugin <= 6.3.0 has a Missing Authorization vulnerability (Broken Access Control) in the pdf-for-wpforms add-on. Root cause: incorrectly configured access control security levels allowing unauthorized PDF access. Impact: potential unauthorized access ...

CVSS 6.5 · AI score 5.5 · EPSS 0.00042
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/17 1:18 p.m. · 2 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 · AI score 7 · EPSS 0.00032
Exploits: 0 · References: 1

NVD
added 2026/01/16 1:16 p.m. · 3 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 · EPSS 0.00032
Exploits: 0 · References: 1

Cvelist
added 2026/01/16 1:02 p.m. · 25 views

CVE-2025-14510 ABB Ability OPTIMAX Authentication Bypass in Single-Sign On

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 · EPSS 0.00032
Exploits: 0 · References: 1

CVE
added 2026/01/16 1:02 p.m. · 10 views

CVE-2025-14510

CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...

CVSS 9.2 · AI score 6.6 · EPSS 0.00032
Exploits: 0 · References: 1

Circl
added 2025/12/09 3:39 p.m. · 1 views

CVE-2025-63025

creationtimestamp | type | source
---|---|---
2025-12-09 15:39:47+00:00 | seen | https://gist.github.com/Darkcrai86/bbc8d4387a9b7424bc26ba53b8e9678d...

CVSS 4.3 · AI score 5.8 · EPSS 0.00041
Exploits: 0 · References: 1

OSV
added 2025/04/18 11:15 a.m. · 0 views

CVE-2024-49808

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2024/08/20 12:00 a.m. · 2 views

Spring Security Security Vulnerability

VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.3.0 and 6.3.1, which stems from a lack of authorization when using @AuthorizeReturnObject, and allows ...

CVSS 7.5 · AI score 6.4 · EPSS 0.00968
Exploits: 0 · References: 3

CNNVD
added 2024/08/18 12:00 a.m. · 2 views

DedeBIZ Code Issue Vulnerability

DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A code issue vulnerability exists in DedeBIZ version 6.3.0, which stems from the parameter litpic in the file admin/archivesdo.php that can lead to unrestricted uploads...

CVSS 7.2 · AI score 6.6 · EPSS 0.00118
Exploits: 1 · References: 5

Positive Technologies
added 2024/08/18 12:00 a.m. · 3 views

PT-2024-38673 · Dedebiz · Dedebiz

Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6.3.0 Description: A critical vulnerability was found in DedeBIZ, affecting an unknown functionality of the file admin/media add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to...

CVSS 8.8 · AI score 6.6 · EPSS 0.0015
Exploits: 1 · References: 16

OSV
added 2024/01/19 1:15 a.m. · 3 views

CVE-2023-35020

IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257874...

CVSS 5.3 · AI score 5.9 · EPSS 0.00049
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/18 12:00 a.m. · 2 views

PT-2024-12491 · Ibm · Ibm Sterling Control Center

Name of the Vulnerable Software and Affected Versions: IBM Sterling Control Center version 6.3.0 Description: The issue allows a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary file...

CVSS 5.4 · AI score 5.2 · EPSS 0.00049
Exploits: 0 · References: 7

CNNVD
added 2024/01/11 12:00 a.m. · 1 views

WordPress Theme Weaver Xtreme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4 · AI score 5.8 · EPSS 0.00157
Exploits: 0 · References: 3

CVE
added 2023/12/07 12:00 a.m. · 56 views

CVE-2023-46307

Summary: CVE-2023-46307 affects etcd-browser (build 87ae63d75260). The vulnerability is in server.js and enables a directory traversal by supplying a /../../../ path in the URL in a remote-connection context, allowing retrieval of local operating system files on the remote system. Impact: potenti...

CVSS 7.5 · AI score 7.8 · EPSS 0.00488
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/12/05 12:25 a.m. · 2 views

CVE-2023-48698 Azure RTOS USBX Remote Code Execution Vulnerability

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to expired pointer dereference vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host...

CVSS 6.8 · AI score 8.2 · EPSS 0.01633
Exploits: 0 · References: 3