20 matches found
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...
CVE-2026-8213 OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...
Linux Distros Unpatched Vulnerability : CVE-2026-40170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...
DEBIAN-CVE-2026-34500
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
Linux Distros Unpatched Vulnerability : CVE-2026-27859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery...
Security Bulletin: Weaker than expected SQL injection protection may affect IBM Business Automation Workflow traditional - CVE-2025-5878
Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable library of ESAPI. Vulnerability Details CVEID:CVE-2025-5878 DESCRIPTION: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of t...
CVE-2026-21877 n8n is vulnerable to Remote Code Execution via Arbitrary File Write
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...
CVE-2025-67736
The CVE-2025-67736 entry concerns the FreePBX tts (Text to Speech) module. Affected versions are prior to 16.0.5 and 17.0.5. The vulnerability is an SQL injection exploitable by authenticated users with administrator access via the Administrator Control Panel (ACP). Successful exploitation can di...
Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.
Summary Eclipse JGit is used by IBM webMethods Integration in repository function CVE-2025-4949 Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...
PT-2025-44295
Name of the Vulnerable Software and Affected Versions Jenkins Curseforge Publisher Plugin version 1.0 Description The Jenkins Curseforge Publisher Plugin version 1.0 stores API Keys unencrypted in config.xml files on the Jenkins controller. These files are accessible to users with Item/Extended...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Eclipse Jetty
Summary There is vulnerability in Eclipse Jetty used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 t...
PT-2025-14432 · Wisdomlogix Solutions Pvt. · Fonts Manager | Custom Fonts
Name of the Vulnerable Software and Affected Versions: Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts versions 1.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for...
PT-2024-38666 · WordPress · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder – WordPress Page Builder versions up to, and including, 2.8.3.5 Description: The issue is related to Stored Cross-Site Scripting via the type parameter due to insufficient input sanitization and output escaping. This allows...
BIT-SOLR-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2022-4588
A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to...
Improper Input Validation
Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of CGI::Cookie content, which allows an attacker to inject invalid attributes in the Set-Cookie header and insert a newline...
PT-2022-23088
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when tf.quantization.fake quant with min max vars per channel...
DEBIAN-CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0...
PT-2018-3897 · Oracle +1 · Mysql Server
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.11 and prior Description: The issue is related to inadequate access control in the Server: Replication component of Oracle MySQL Server. This can be exploited by a remote attacker to cause a denial of service...
Mozilla Browsers shell: URI Arbitrary Command Execution
The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid12642;...