24 matches found

IBM Security Bulletins
added 2026/03/31 3:6 p.m. | 4 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution (CVE-2026-27212)

Summary: Node.js module swiper is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...

9.4 CVSS | 6.1 AI score | 0.0011 EPSS
Exploits 2 | Affected Software 1
RedhatCVE
added 2026/02/23 7:26 a.m. | 3 views

CVE-2026-27212

Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf function is used to check whether user provided...

9.4 CVSS | 5.5 AI score | 0.0011 EPSS
Exploits 2 | References 1
Github Security Blog
added 2026/02/19 8:28 p.m. | 35 views

Prototype pollution in swiper

Summary: A prototype pollution vulnerability exists in the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...

9.4 CVSS | 6.3 AI score | 0.0011 EPSS
Exploits 2 | References 5 | Affected Software 1
OSV
added 2026/02/19 8:28 p.m. | 3 views

GHSA-HMX5-QPQ5-P643 Prototype pollution in swiper

Summary: A prototype pollution vulnerability exists in the npm package swiper =6.5.1, -1; let obj = ; var maliciouspayload = '"proto":"polluted":"yes"'; console.log.polluted; swiper.default.extendDefaultsJSON.parsemaliciouspayload; console.log.polluted; // prints yes - indicating that the patc...

9.4 CVSS | 6.4 AI score | 0.0011 EPSS
Exploits 2 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-28815

Malicious code in bioql PyPI...

5.5 CVSS | 5.6 AI score | 0.00029 EPSS
Exploits 1 | References 8
OSV
added 2024/11/13 10:11 a.m. | 9 views

MAL-2024-10653 Malicious code in @sportdigi/bootstrapper (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 606eac7e59a098b487b61377214416850ff371fc507eb544c97622670ff87dc8 The OpenSSF Package Analysis project identified '@sportdigi/bootstrapper' @ 12.1.2 npm as malicious. It is considered malicious because: - The...

7.3 AI score
Exploits 0
CNNVD
added 2023/07/19 12:0 a.m. | 1 view

Foxit Reader Resource Management Error Vulnerability

Foxit Reader is a PDF document reader from the Chinese company Foxit. A memory misreference vulnerability exists in Foxit Reader version 12.1.2.15332, which can be exploited by an attacker to execute arbitrary code on the system...

8.8 CVSS | 7.7 AI score | 0.0018 EPSS
Exploits 1 | References 3
OSV
added 2023/05/19 6:15 a.m. | 0 views

CVE-2023-33240

Foxit PDF Reader 12.1.1.15289 and earlier and Foxit PDF Editor 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users...

7.8 CVSS | 7.1 AI score
Exploits 0 | References 1
ATTACKERKB
added 2023/05/19 6:15 a.m. | 1 view

CVE-2023-33240

Foxit PDF Reader 12.1.1.15289 and earlier and Foxit PDF Editor 12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users...

7.8 CVSS | 7.2 AI score | 0.00059 EPSS
Exploits 0 | References 2
NCSC
added 2023/04/25 12:0 a.m. | 1 view

Vulnerabilities fixed in Foxit PDF Editor and PDF Reader

Foxit has fixed vulnerabilities in its PDF Reader and Editor. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code with the victim's privileges. This requires the malicious party to trick the victim into opening a malicious file to...

7.8 CVSS | 7.5 AI score | 0.79468 EPSS
Exploits 0
OSV
added 2021/10/20 11:16 a.m. | 0 views

CVE-2021-35536

Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Deal Management...

8.1 CVSS | 7.3 AI score
Exploits 0 | References 1
OSV
added 2021/04/22 10:15 p.m. | 0 views

CVE-2021-2259

Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: India Localization, Results). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.1 CVSS | 6.8 AI score
Exploits 0 | References 1
OSV
added 2020/04/15 2:15 p.m. | 1 view

CVE-2020-2821

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Budget). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

8.2 CVSS | 7.3 AI score
Exploits 0 | References 1
Tenable Nessus
added 2018/11/02 12:0 a.m. | 24 views

F5 Networks BIG-IP : BIG-IP APM VPN vulnerability (K20087443)

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a 'flow not in use' assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail...

7.8 CVSS | 7.3 AI score | 0.00492 EPSS
Exploits 0 | References 2
OSV
added 2018/10/17 1:31 a.m. | 0 views

CVE-2018-2889

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful...

7.5 CVSS | 7.3 AI score
Exploits 0 | References 2
OSV
added 2018/06/01 2:29 p.m. | 1 view

CVE-2018-5522

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash...

5.9 CVSS | 5.8 AI score | 0.00675 EPSS
Exploits 0 | References 2
Prion
added 2018/04/19 2:29 a.m. | 10 views

Design/Logic Flaw

Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with netwo...

6.4 CVSS | 8.2 AI score | 0.02197 EPSS
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2017/12/22 12:0 a.m. | 1 view

F5 BIG-IP APM Information Disclosure Vulnerability

F5 BIG-IP Access Policy Manager (APM) is a suite of access and security solutions from F5 USA. The solution provides unified access to business-critical applications and networks. An information disclosure vulnerability exists in F5 BIG-IP APM versions 13.0.0 and 12.1.2. An attacker could exploit t...

5.9 CVSS | 6.1 AI score | 0.00432 EPSS
Exploits 0 | References 1
OSV
added 2017/10/20 3:29 p.m. | 0 views

CVE-2017-6144

In F5 BIG-IP PEM 12.1.0 through 12.1.2, when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in...

7.4 CVSS | 5.8 AI score
Exploits 0 | References 1
exploitpack
added 2017/02/10 12:0 a.m. | 43 views

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure / Exploit Title: Ticketbleed CVE-2016-9244 F5 BIG-IP SSL virtual server Memory Leakage Date: 10.02.2017 Exploit Author: Ege Balcı Vendor Homepage: https://f5.com/ Version: 12.0.0 - 12.1.2 && 11.4.0 - 11.6.1 Tested on: Multiple CVE :...

5 CVSS | 6.7 AI score | 0.67474 EPSS
Exploits 6