
119 matches found

Nuclei
added 2 days ago, 13 views

WordPress Events Manager <= 7.0.3 - SQL Injection

The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVSS 7.5, AI score 5.9, EPSS 0.42428
Exploits: 2, References: 4
CVE
added 2026/05/26 6:17 p.m., 8 views

CVE-2026-3603

The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). An XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...

CVSS 7.1, AI score 5.8, EPSS 0.00022
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/26 6:12 p.m., 8 views

EUVD-2026-31951

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted...

CVSS 7.2, AI score 6.2, EPSS 0.00019
Exploits: 0, References: 1
Vulnrichment
added 2026/05/26 6:12 p.m., 4 views

CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted...

CVSS 7.2, AI score 6.2, EPSS 0.00019
Exploits: 0, References: 1
IBM Security Bulletins
added 2026/04/20 8:57 p.m., 7 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache PDFBox

Summary: Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Engineering Test Management. Vulnerability Details: CVEID: CVE-2021-27807. DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue...

CVSS 5.5, AI score 5.8, EPSS 0.00492
Exploits: 0, Affected Software: 1
CNNVD
added 2026/02/02 12:0 a.m., 2 views

IBM Jazz Foundation security vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology developed by the American company International Business Machines IBM. Versions 7.0.3 to 7.0.3 iFix019 and 7.1.0 to 7.1.0 iFix005 of IBM Jazz Foundation contain security vulnerabilities. These...

CVSS 5.4, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2
NVD
added 2026/01/22 2:15 a.m., 1 view

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6, EPSS 0.00018
Exploits: 0, References: 1
OSV
added 2026/01/22 2:15 a.m., 0 views

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...

CVSS 7.6, AI score 6
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 1 view

Altium Enterprise Server security vulnerabilities

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from HTML injection in Project Release, which may allow arbitrary JavaScrip...

CVSS 7.6, AI score 6, EPSS 0.00018
Exploits: 0, References: 1
CNNVD
added 2026/01/22 12:0 a.m., 2 views

Altium Enterprise Server security vulnerabilities

Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from a stored XSS attack in the Description field of the BOM Viewer, which...

CVSS 6.8, AI score 6, EPSS 0.00017
Exploits: 0, References: 1
Github Security Blog
added 2025/12/10 12:31 p.m., 9 views

Apache Struts has a Denial of Service vulnerability

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 8.2, AI score 7, EPSS 0.00201
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2025/12/05 12:0 a.m., 2 views

ReQuest Serious Play F3 Media Server operating system command injection vulnerability

ReQuest Serious Play F3 Media Server is a digital media server from ReQuest Serious Play, Inc. An operating system command injection vulnerability exists in ReQuest Serious Play F3 Media Server version 7.0.3, which originates from unauthenticated remote code execution and could lead to an attacke...

CVSS 9.3, AI score 8.5, EPSS 0.00569
Exploits: 1, References: 5
Vulnrichment
added 2025/11/14 9:2 p.m., 9 views

CVE-2025-13185 Bdtask/CodeCanyon News365 profile unrestricted upload

A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profileimage/bannerimage results in unrestricted upload. The attack can be launched remotely. The exploit has been...

CVSS 5.8, AI score 6.3, EPSS 0.00053
Exploits: 1, References: 4
Vulnrichment
added 2025/10/27 1:33 a.m., 1 view

CVE-2025-62884 WordPress Coupon Affiliates plugin <= 7.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coupon Affiliates: from n/a through <= 7.2.0...

CVSS 5.3, AI score 5.2, EPSS 0.00039
Exploits: 0, References: 1
EUVD
added 2025/10/12 3:30 p.m., 4 views

EUVD-2025-33894

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security...

CVSS 3.5, AI score 6, EPSS 0.0004
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-0135

Malware in sbrugna...

CVSS 9.8, AI score 9.1, EPSS 0.00193
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-8842

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.6, EPSS 0.00848
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-21975

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00101
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-25663

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.5, EPSS 0.00101
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/09/24 6:25 p.m., 7 views

Security Bulletin: The IBM® Engineering Lifecycle Management - Jazz Foundation is impacted by Relative Path Traversal vulnerability.

Summary: A vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation, due to relative path traversal. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2025-25048. DESCRIPTION: IBM Jazz Foundation...

CVSS 6.5, AI score 6.6, EPSS 0.00067
Exploits: 0, Affected Software: 1