66 matches found

IBM Security Bulletins • added 6 days ago • 9 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-48068)

Summary: A vulnerability involving cross-site WebSocket hijacking in the Next.js framework (CVE-2025-48068) used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 15.5.15. Vulnerability Details: CVEID: CVE-2025-48068. DESCRIPTION: Next.js is a React framework for buildin...

CVSS 4.3 • AI score 5.8 • EPSS 0.00101
Exploits: 0 • Affected Software: 1

Debian • added last week • 10 views

[SECURITY] [DSA 6311-1] php-twig security update

Debian Security Advisory DSA-6311-1 • https://www.debian.org/security/ • Moritz Muehlenhoff • May 29, 2026 • https://www.debian.org/security/faq ...

CVSS 9.9 • AI score 5.8 • EPSS 0.00114
Exploits: 0

Snyk • added 2026/05/27 5:34 p.m. • 5 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect in the authentication process. An attacker can redirect authentication requests to arbitrary LDAP servers by manipulating referral responses. Remediation: Upgrade org.jenkins-ci.plugins:ldap to version 807.809.vd3a4e5e4ec98...

CVSS 6.9 • AI score 5.9 • EPSS 0.00255
Exploits: 0 • References: 2

Snyk • added 2026/05/26 10:48 p.m. • 3 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation: Upgrade github.com/fleetdm/fleet/v4/server/fleet to...

CVSS 8.2 • AI score 5.8 • EPSS 0.00011
Exploits: 0 • References: 3

Amazon • added 2026/05/26 12:00 a.m. • 15 views

Important: git-lfs

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

CVSS 7.5 • AI score 7.2 • EPSS 0.00054
Exploits: 0

Snyk • added 2026/05/22 1:14 p.m. • 5 views

Improper Authentication

Overview: Magick.NET-Q16-HDRI-x86: Magick.NET lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 5.7 • AI score 5.8
Exploits: 0 • References: 3

RedHat Linux • added 2026/05/20 12:22 p.m. • 9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 security and extras update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a security impact of...

CVSS 9.1 • AI score 6.9 • EPSS 0.00029
Exploits: 3 • References: 4

Snyk • added 2026/05/18 3:31 p.m. • 3 views

Integer Underflow (Wrap or Wraparound)

Overview: Magick.NET-Q16-OpenMP-x64: Magick.NET lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 5.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 2026/05/05 10:18 p.m. • 7 views

Execution with Unnecessary Privileges

Overview: ciguard is a static security auditor for CI/CD pipelines — now with a Model Context Protocol server (pip install 'ciguardmcp') exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...

CVSS 3 • AI score 5.8 • EPSS 0.00005
Exploits: 0 • References: 2

Snyk • added 2026/05/05 8:53 p.m. • 7 views

Server-side Request Forgery (SSRF)

Overview: magicmirror is the open source modular smart mirror platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the cors endpoint, which acts as an open HTTP proxy without authentication or URL validation. An attacker can force the server to make...

CVSS 9.2 • AI score 5.9 • EPSS 0.0326
Exploits: 1 • References: 2

EUVD • added 2026/05/05 3:31 p.m. • 3 views

EUVD-2026-27321

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

CVSS 7.3 • AI score 5.8 • EPSS 0.00038
Exploits: 0 • References: 2

Snyk • added 2026/05/04 6:26 p.m. • 5 views

Unsafe Reflection

Overview: org.apache.opennlp:opennlp-tools is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

CVSS 9.8 • AI score 6.1 • EPSS 0.00641
Exploits: 0 • References: 2

Debian • added 2026/04/30 8:03 a.m. • 3 views

[SECURITY] [DLA 4555-1] firefox-esr security update

Debian LTS Advisory DLA-4555-1 • https://www.debian.org/lts/security/ • Emilio Pozuelo Monfort • April 30, 2026 • https://wiki.debian.org/LTS ...

CVSS 9.6 • AI score 5.6 • EPSS 0.00054
Exploits: 0

Debian • added 2026/04/29 6:43 p.m. • 2 views

[SECURITY] [DSA 6237-1] openjdk-17

Debian Security Advisory DSA-6237-1 • https://www.debian.org/security/ • Moritz Muehlenhoff • April 29, 2026 • https://www.debian.org/security/faq ...

CVSS 7.5 • AI score 7.8 • EPSS 0.00154
Exploits: 0

IBM Security Bulletins • added 2026/04/16 5:46 p.m. • 3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar

Summary: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar. Vulnerability Details: CVEID: CVE-2024-52979. DESCRIPTION: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial...

CVSS 7.5 • AI score 5.8 • EPSS 0.00197
Exploits: 0 • Affected Software: 1

Snyk • added 2026/04/16 1:20 a.m. • 1 view

Origin Validation Error

Overview: pyload-ng is the free and open-source download manager written in pure Python. Affected versions of this package are vulnerable to Origin Validation Error via the setsessioncookiesecure function. An attacker can cause session cookies to be issued without the Secure flag or disrupt user...

CVSS 6.3 • AI score 5.4 • EPSS 0.00011
Exploits: 1 • References: 2

Snyk • added 2026/04/15 12:11 p.m. • 1 view

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...

CVSS 7.5 • AI score 5.7 • EPSS 0.00056
Exploits: 0 • References: 2

Snyk • added 2026/04/10 8:59 p.m. • 1 view

Missing Authentication for Critical Function

Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to missing authentication in several HTTP transport endpoints and exposure of sensitive operationa...

CVSS 8.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2026/04/10 7:49 p.m. • 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the validateWebhookURL function. An administrator can access internal network resources and cloud metadata endpoints by submitting webhook URLs that use hostnames resolving to private IP addresses,...

CVSS 7 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2026/04/03 3:20 a.m. • 2 views

Interpretation Conflict

Overview: openclaw is 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Interpretation Conflict in the startup migration process. An attacker can restore previously revoked configuration settings by leveraging the improper handling of empty-array values in th...

CVSS 6.5 • AI score 5.9 • EPSS 0.00041
Exploits: 0 • References: 2