
103 matches found

OSV
added 2026/05/07 9:5 p.m., 0 views

GHSA-H4FW-6R7F-W494 Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

CVSS 2.1, AI score 5.9
Exploits 0, References 2
Github Security Blog
added 2026/05/07 9:5 p.m., 4 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

AI score 5.9
Exploits 0, References 2, Affected Software 1
OSV
added 2026/02/27 12:16 a.m., 2 views

CVE-2026-3270

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

CVSS 8.8, AI score 5.2
Exploits 0, References 4
CVE
added 2026/02/26 11:32 p.m., 7 views

CVE-2026-3269

PSI Probe

CVSS 6.5, AI score 5.1, EPSS 0.00021
Exploits 1, References 4, Affected Software 1
CNNVD
added 2026/02/17 12:0 a.m., 4 views

IBM DataStage on Cloud Pak for Data security vulnerability

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by International Business Machines IBM. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain security vulnerabilities. These vulnerabilities stem from the return of sensitive informatio...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits 0, References 1
Positive Technologies
added 2026/02/17 12:0 a.m., 2 views

PT-2026-20226

Name of the Vulnerable Software and Affected Versions IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 Description IBM DataStage on Cloud Pak for Data returns sensitive information in an HTTP response. This information could potentially be used to impersonate other users within th...

CVSS 8.1, AI score 5.4, EPSS 0.00043
Exploits 0, References 4
IBM Security Bulletins
added 2026/02/04 10:35 p.m., 11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID: CVE-2025-12060 DESCRIPTION: The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The...

CVSS 8.9, AI score 7.4, EPSS 0.0011
Exploits 0, Affected Software 1
NVD
added 2026/01/02 3:16 p.m., 1 views

CVE-2025-52864

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.1, EPSS 0.00132
Exploits 0, References 1
IBM Security Bulletins
added 2025/12/29 7:37 a.m., 4 views

Security Bulletin: Vulnerability in SSH servers which implement file transfer protocols affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in SSH servers which implement file transfer protocols has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to...

CVSS 7.5, AI score 6.2, EPSS 0.00607
Exploits 0, Affected Software 1
OSV
added 2025/12/12 5:16 a.m., 1 views

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

CVSS 5.3, AI score 5.8
Exploits 0, References 2
OSV
added 2025/12/12 5:16 a.m., 1 views

CVE-2025-53523

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

CVSS 4.8, AI score 5.8
Exploits 0, References 2
Cvelist
added 2025/12/12 5:2 a.m., 19 views

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

CVSS 5.1, EPSS 0.00016
Exploits 0, References 2
CVE
added 2025/12/12 5:1 a.m., 5 views

CVE-2025-54407

CVE-2025-54407 is a stored cross-site scripting vulnerability affecting GroupSession Free edition prior to 5.3.0, GroupSession byCloud prior to 5.3.3, and GroupSession ZION prior to 5.3.2. The published descriptions state that if a user accesses a crafted page or URL, an arbitrary script may be e...

CVSS 6.1, AI score 5.5, EPSS 0.00024
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2025/12/12 12:0 a.m., 2 views

PT-2025-50875

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

CVSS 5.3, AI score 6.8, EPSS 0.00029
Exploits 0, References 3
Positive Technologies
added 2025/12/12 12:0 a.m., 2 views

PT-2025-50877

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

CVSS 5.4, AI score 7.4, EPSS 0.00019
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2021-19430

Malware in sbrugna...

CVSS 9.9, AI score 8.7, EPSS 0.00491
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-30475

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00256
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-54052

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00047
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 33 views

EUVD-2024-2152

Malicious code in bioql PyPI...

CVSS 1.8, AI score 4.5, EPSS 0.00021
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-44742

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.4, EPSS 0.00224
Exploits 0, References 3