6 matches found
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty-server
Summary: IBM webMethods BPM uses jetty-server as a transitive dependency brought in by the webMethods Integration Server is-server dependency. The Integration Server runtime uses Jetty internally for its web server infrastructure. Vulnerability Details: CVEID: CVE-2024-8184. DESCRIPTION: There exists...
Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed
Summary: IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-58056...
EUVD-2007-2398
Malware in sbrugna...
CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XEE) attack, then send a GET request to any HTTP server. By default, GeoServer use...
CVE-2025-1521
PostHog slackincomingwebhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists with...
Apache OFBiz resolveURI Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveURI method. The issue results from improper URI validation...