51 matches found
CVE-2026-30232
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2026-30232 Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...
CVE-2022-26329
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
CVE-2019-7655
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via (1) the customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or (2) the host field in enginemanager/jspringsecuritycheck of the login form. This issu...
CVE-2019-7654
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another admin user via enginemanager/server/user/edit.htm in the Server-Users component. This issue w...
EUVD-2019-17187
Malware in sbrugna...
CVE-2025-0165
CVE-2025-0165 affects IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, with vulnerable versions 4.8.4–5.2.0. The flaw is a SQL injection in the cartridge that could let an attacker view, add, modify, or delete data in the backend database. IBM/ PT security notes and ENISA entries con...
CVE-2024-12033
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Rack ( CVE-2024-26141 )
Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-26141. Vulnerability Details CVEID:CVE-2024-26141 DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Respondin...
CVE-2025-32279
Missing Authorization vulnerability in Shahjada Live Forms liveforms. This issue affects Live Forms: from n/a through <= 4.8.5...
org.apache.camel.karaf:camel-undertow (>=4.8.1 <=4.8.5), org.apache.camel.springboot:camel-undertow-spring-security-starter (>=4.8.0 <=4.8.5) +3 more potentially affected by CVE-2025-27636 +2 more via org.apache.camel:camel-undertow (>=4.8.0 <=4.8.5)
org.apache.camel:camel-undertow MAVEN version =4.8.0, =4.8.1, =4.8.0, =4.8.0, =4.8.0, =4.8.0, =4.8.5 Source cves: CVE-2025-27636, CVE-2025-29891, CVE-2025-30177 Source advisory: OSV:GHSA-VQ4P-PCHP-6G6V...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonata-js JSONata
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonata-js JSONata. Vulnerability Details CVEID:CVE-2024-27307 DESCRIPTION: jsonata-js JSONata could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the JSONata...
CVE-2025-0719
IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
Summary IBM Cloud Pak for Data contains a vulnerable version of Netty Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...
WordPress Jupiter X Core plugin <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export vulnerability
Missing Authorization to Unauthenticated Popup Template Export vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin JupiterX Core versions <= 4.8.5...
WordPress plugin Jupiter X Core security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28486]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters during logging operations CVE-2023-28486. Sudo Project Sudo is included as a Base OS package used...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28487]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters by the "sudoreplay -l" command CVE-2023-28487. Sudo Project Sudo is included as a Base OS package...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH, caused by improper validation of shell metacharacters CVE-2023-51385. OpenSSH is included as a Base OS package used by our service runtimes. This vulnerability has...