12 matches found
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-24040, CVE-2026-24043, CVE-2026-24133, CVE-2026-24737)
Summary: Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.0.0. Vulnerability Details: CVEID: CVE-2026-24040. DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS...
PT-2025-53650
Name of the Vulnerable Software and Affected Versions: joey-zhou xiaozhi-esp32-server-java versions up to 3.0.0 Description: A flaw exists in the Cookie Handler component’s tryAuthenticateWithCookies function within the AuthenticationInterceptor.java file. Manipulation of this function can result i...
CVE-2025-14763
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
EUVD-2025-203945
Amazon S3 Encryption Client has a Key Commitment Issue...
CVE-2025-14763
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
CVE-2025-14763
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
CVE-2025-14763
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
CVE-2025-14759
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
PT-2025-2366 · Apache · Apache Hive
Name of the Vulnerable Software and Affected Versions: Apache Hive versions prior to 4.0.0 Description: The issue arises from the use of Arrays.equals in LlapSignerImpl to compare message signatures, allowing an attacker to forge a valid signature for an arbitrary message byte by byte. This can...
PT-2024-32843 · Taipy · Taipy
Name of the Vulnerable Software and Affected Versions: Taipy versions prior to 4.0.0 Description: The issue concerns session cookies being served without Secure and HTTPOnly flags, which could expose them to interception or tampering if the connection is not secure. The HTTPOnly flag prevents the...
PT-2024-27450 · Amazon · Aws-Deployment-Framework
Name of the Vulnerable Software and Affected Versions: aws-deployment-framework versions prior to 4.0.0 Description: The AWS Deployment Framework (ADF) contains a bootstrap process that relies on elevated privileges to deploy ADF's bootstrap stacks, facilitating multi-account cross-region...
CVE-2023-35701
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious user must have...