
60 matches found

IBM Security Bulletins
added 2026/05/04 2:34 p.m., 1 view

Security Bulletin: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063.

Summary: IBM Edge Data Collector uses immutable-4.3.7.tgz which is vulnerable to CVE-2026-29063. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versio...

CVSS 9.8, AI score 7.1, EPSS 0.0008
Exploits 1, Affected Software 1

OSV
added 2026/03/06 7:16 p.m., 2 views

DEBIAN-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVSS 9.8, AI score 8.2, EPSS 0.0008
Exploits 1, References 1

OSV
added 2026/03/06 7:16 p.m., 2 views

UBUNTU-CVE-2026-29063

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVSS 9.8, AI score 5.7, EPSS 0.0008
Exploits 1, References 6

Cvelist
added 2026/03/06 6:25 p.m., 24 views

CVE-2026-29063 Immutable.js: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable

Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5...

CVSS 8.7, EPSS 0.0008
Exploits 1, References 4

OSV
added 2026/03/04 9:28 p.m., 4 views

GHSA-WF6X-7X77-MVGW Immutable is vulnerable to Prototype Pollution

Impact What kind of vulnerability is it? Who is impacted? A Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWith, merge, Map.toJS, and Map.toObject APIs. Affected APIs | API | Notes | | --------------------------------------- |...

CVSS 9.8, AI score 5.9, EPSS 0.0008
Exploits 1, References 10

Patchstack
added 2026/02/17 8:4 a.m., 3 views

WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'create_mollie_account' vulnerability

Missing Authorization in 'create_mollie_account' vulnerability discovered by WordFence in WordPress Plugin Paytium versions <= 4.3.7...

CVSS 8.1, AI score 5.4, EPSS 0.00344
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2026/02/08 12:0 a.m., 4 views

PT-2026-6971

Name of the Vulnerable Software and Affected Versions: cym1102 nginxWebUI versions through 4.3.7. Description: A cross site scripting issue exists in cym1102 nginxWebUI. The issue is related to manipulation of the nginxDir argument within an unknown function of the file /adminPage/conf/check, part o...

CVSS 5.1, AI score 4.5, EPSS 0.00018
Exploits 1, References 8

Tenable Nessus
added 2025/12/09 12:0 a.m., 4 views

Fedora 42 : libwebsockets (2025-0c12fa2541)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c12fa2541 advisory. Update to 4.3.7, enable glib event loop. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 7.5, AI score 5.6, EPSS 0.00075
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-0591

Malware in sbrugna...

CVSS 7.3, AI score 7.4, EPSS 0.00868
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-0597

Malware in sbrugna...

CVSS 7.6, AI score 7.5, EPSS 0.01563
Exploits 0, References 5

RedhatCVE
added 2025/02/05 2:56 p.m., 7 views

CVE-2020-15155

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected component is toolbar.php. The issue is fixed in version 4.3.7...

CVSS 7.3, AI score 5.9, EPSS 0.00868
Exploits 0, References 5

RedhatCVE
added 2025/02/05 2:48 p.m., 6 views

CVE-2020-15154

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js...

CVSS 7.3, AI score 5.9, EPSS 0.00784
Exploits 0

Snyk
added 2024/11/20 10:50 a.m., 0 views

Access Control Bypass

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation: Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References -...

CVSS 7.5, AI score 6.8, EPSS 0.00393
Exploits 0, References 2

OSV
added 2024/10/16 7:15 a.m., 1 view

CVE-2023-7294

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

CVSS 6.5, AI score 5.8
Exploits 0, References 2

NVD
added 2024/10/16 7:15 a.m., 16 views

CVE-2023-7291

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 8.1, EPSS 0.00344
Exploits 0, References 2

OSV
added 2024/10/16 7:15 a.m., 1 view

CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 4.3, AI score 5.8, EPSS 0.00155
Exploits 0, References 2

NVD
added 2024/10/16 7:15 a.m., 17 views

CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updateprofilepreference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 5.4, EPSS 0.00155
Exploits 0, References 2

Cvelist
added 2024/10/16 6:43 a.m., 17 views

CVE-2023-7294 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile'

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve...

CVSS 7.1, EPSS 0.00181
Exploits 0, References 2

CVE
added 2024/10/16 6:43 a.m., 50 views

CVE-2023-7291

The Paytium: Mollie payment forms & donations WordPress plugin (up to 4.3.7) is vulnerable due to a missing capability check in create_mollie_account, allowing authenticated subscribers to remotely set up a Mollie account and modify data. Impact is high (data integrity risk; potential confidentia...

CVSS 8.1, AI score 6.8, EPSS 0.00344
Exploits 0, References 2, Affected Software 1

CNNVD
added 2024/10/16 12:0 a.m., 1 view

WordPress plugin Paytium: Mollie payment forms & donations Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 7.1, AI score 6.5, EPSS 0.00181
Exploits 0, References 2