Lucene search

17 matches found

IBM Security Bulletins
added 2026/06/15 6:17 a.m., 3 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143

Summary: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...

CVSS 6.5, AI score 6.8, EPSS 0.00159
Exploits: 0, Affected Software: 1

Cvelist
added 2026/03/24 6:40 p.m., 18 views

CVE-2026-33768 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`

Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel serverless entrypoint reads the x-astro-path header and x_astro_path query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel...

CVSS 6.5, EPSS 0.00331
Exploits: 1, References: 4

CVE
added 2026/03/24 6:40 p.m., 14 views

CVE-2026-33768

Astro: Unauthenticated Path Override via x-astro-path/x_astro_path affects Astro 5.18.1 + @astrojs/vercel 9.0.4 and Astro 6.0.3 + @astrojs/vercel 10.0.0, with patch in 10.0.2. The vulnerable code rewrites the internal request path from a caller-supplied header or query parameter without authentic...

CVSS 9.1, AI score 5.8, EPSS 0.00331
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2026/02/04 12:0 a.m., 5 views

Dotnetnuke 9.0.x < 9.13.10 / 10.0.x < 10.02.00 Stored XSS in Scheduler LogNotes (CVE-2026-24836)

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 9.0.x prior to 9.13.10 or 10.0.x prior to 10.02.00. It is, therefore, affected by a vulnerability. - DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsof...

CVSS 7.6, AI score 5.5, EPSS 0.00226
Exploits: 0, References: 2

CVE
added 2026/01/28 8:3 p.m., 10 views

CVE-2025-14840

The CVE-2025-14840 entry concerns Drupal HTTP Client Manager with an improper check for unusual or exceptional conditions that could allow forceful browsing. Affected are Drupal HTTP Client Manager versions prior to 9.3.13, 10.0.0–10.0.2, and 11.0.0–11.0.1. Mitigation: upgrade to versions beyond ...

CVSS 7.5, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/01/28 8:3 p.m., 26 views

CVE-2025-14840 HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

EPSS 0.00263
Exploits: 0, References: 1

Atlassian
added 2025/11/13 11:27 p.m., 11 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-55163

This High severity vulnerability known as CVE-2025-55163 was introduced in 3.3.1, 3.5.0, 3.6.0, 8.18.0, 9.1.0, 9.0.1, 9.2.0, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 10.0.0, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.11 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a...

CVSS 8.2, AI score 6.5, EPSS 0.00979
Exploits: 1

CVE
added 2025/10/21 4:0 p.m., 23 views

CVE-2025-22166

CVE-2025-22166 is a Denial of Service vulnerability affecting Atlassian Confluence Data Center. Introduced in Confluence Data Center 2.0, it enables an unauthenticated remote attacker to render the host unavailable by disrupting services, with high impact on availability. The advisory recommends ...

CVSS 8.3, AI score 6.3, EPSS 0.00459
Exploits: 0, References: 2, Affected Software: 2

OSV
added 2024/11/14 10:15 a.m., 2 views

DEBIAN-CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue...

CVSS 9.1, AI score 8.7, EPSS 0.0158
Exploits: 0, References: 1

CNNVD
added 2024/03/20 12:0 a.m., 3 views

IBM Security Verify Governance Security Vulnerability

IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM), Inc. It provides organizations with a platform to analyze, define and control user access and access risk. An information disclosure vulnerability exists in IBM Security verify...

CVSS 5.9, AI score 5.9, EPSS 0.00315
Exploits: 0, References: 3

OSV
added 2023/06/09 6:15 a.m., 4 views

CVE-2023-1917

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVSS 5.4, AI score 6, EPSS 0.00529
Exploits: 1, References: 4

ATTACKERKB
added 2022/07/25 12:0 a.m., 2 views

CVE-2022-35286

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814...

CVSS 8.8, AI score 5.7, EPSS 0.00255
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2020/12/16 3:15 p.m., 4 views

CVE-2020-14254

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it...

CVSS 7.5, AI score 7, EPSS 0.0064
Exploits: 0, References: 1

CNVD
added 2019/12/24 12:0 a.m., 3 views

SonicWall Email Security Appliance Trust Management Issue Vulnerability

SonicWall Email Security Appliance is an email security appliance from SonicWall USA. A vulnerability with trust management issues exists in SonicWall Email Security Appliance version 10.0.2 and earlier. The vulnerability stems from the lack of an effective trust management mechanism in a network...

CVSS 9.8, AI score 7, EPSS 0.01894
Exploits: 0, References: 1

RedHat Linux
added 2018/10/24 9:39 p.m., 2 views

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 5.9, AI score 7.4, EPSS 0.04676
Exploits: 0, References: 5

OSV
added 2017/02/20 8:59 a.m., 3 views

DEBIAN-CVE-2016-7598

An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process...

CVSS 6.5, AI score 7.9, EPSS 0.01705
Exploits: 0, References: 1

Microsoft Security Update
added 1976/01/01 12:0 a.m., 3 views

2026-01 .NET 10.0.2 Update for x64 Server (KB5074754)

2026-01 .NET 10.0.2 Update for x64 Server KB5074754...

AI score 5.4
Exploits: 0