64 matches found

RedhatCVE
added 2026/03/26 3:9 p.m. | 2 views

CVE-2026-27214

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

5.5 CVSS | 5.8 AI score | 0.00024 EPSS
Exploits 0 | References 1

CVE
added 2026/03/23 5:0 a.m. | 14 views

CVE-2026-4599

JSrsasign versions 7.0.0–11.0.x are vulnerable due to Incomplete Comparison with Missing Factors in src/crypto-1.1.js: getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax perform incorrect compareTo checks that accept out-of-range candidates, biasing DSA nonces and enabling private key r...

9.3 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/02/16 10:16 a.m. | 1 views

CVE-2026-0999

Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate login method restrictions which allows an authenticated user to bypass SSO-only login requirements via userID-based authentication. Mattermost Advisory ID: MMSA-2025-00548...

4.3 CVSS | 5.5 AI score
Exploits 0 | References 1

CNNVD
added 2026/02/16 12:0 a.m. | 3 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.1.2 and earlier 11.1.x series, 10.11.9 and earlier 10.11.x series, and 11.2.1 and earlier 11.2.x series have security vulnerabilities. These vulnerabilities stem fro...

5.4 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 1

CVE
added 2026/02/05 2:1 p.m. | 5 views

CVE-2025-14150

CVE-2025-14150 affects IBM webMethods Integration (on prem) Server versions 10.15 through IS_10.15_Core_Fix24 and 11.1 through IS_11.1_Core_Fix8. Root cause: server responses could disclose sensitive user information. Impact: exposure of sensitive information with network access (vector: network,...

6.5 CVSS | 5.3 AI score | 0.00014 EPSS
Exploits 0 | References 1

CNNVD
added 2026/01/25 12:0 a.m. | 1 views

SeaCMS cross-site scripting vulnerabilities

SeaCMS is a free, open-source website content management system developed using PHP by the company Ocean CMS. This system is primarily designed for managing video on-demand resources. Version 11.1 of SeaCMS contains a cross-site scripting vulnerability, which stems from improper cleaning of the...

6.1 CVSS | 5.6 AI score | 0.00013 EPSS
Exploits 1 | References 4

RedhatCVE
added 2026/01/21 4:21 p.m. | 2 views

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

3.5 CVSS | 5.4 AI score | 0.00025 EPSS
Exploits 0 | References 1

OSV
added 2026/01/20 4:16 p.m. | 0 views

CVE-2025-36411

IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

3.5 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits 0 | References 1

CVE
added 2026/01/20 3:53 p.m. | 11 views

CVE-2025-36419

IBM ApplinX 11.1 contains CVE-2025-36419, a vulnerability where server architecture information may be disclosed, potentially aiding further attacks. Affected component: server-side information exposure in IBM ApplinX 11.1 (CVE-2025-36419). Impact: confidentiality impact (C=L) with no stated inte...

5.3 CVSS | 5.3 AI score | 0.00048 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/11/21 1:21 a.m. | 7 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5 CVSS | 0.00089 EPSS
Exploits 0 | References 5

CVE
added 2025/11/17 5:29 p.m. | 495 views

CVE-2025-64756

CVE-2025-64756 is a command-injection vulnerability in glob's -c/--cmd handling. The IBM bulletins show this CVE affecting IBM Maximo Application Suite components (e.g., Visual Inspection) and related bundles, with remediation by upgrading the affected glob component to 10.5.0 or 11.1.0 (patches ...

7.5 CVSS | 7.6 AI score | 0.00025 EPSS
Exploits 1 | References 3 | Affected Software 1

CVE
added 2025/09/22 3:17 p.m. | 9 views

CVE-2025-36037

IBM webMethods Integration Server (on‑prem) versions 10.15 and 11.1 are affected by a server‑side request forgery (SSRF) vulnerability (CVE-2025-36037). The issue allows an authenticated attacker to cause unauthorized requests from the server, potentially enabling network enumeration. Remediation...

5.4 CVSS | 6.3 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2025/09/22 12:0 a.m. | 2 views

IBM webMethods Integration Format String Error Vulnerability

IBM webMethods Integration is a hybrid enterprise iPaaS from International Business Machines (IBM). A format string error vulnerability exists in IBM webMethods Integration versions 10.15 and 11.1, which stems from improper validation of parameter formatting strings passed to an external source...

8.8 CVSS | 6.7 AI score | 0.00035 EPSS
Exploits 0 | References 1

CNNVD
added 2025/05/08 12:0 a.m. | 2 views

IBM CICS TX Standard Buffer Error Vulnerability

IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A buffer error vulnerability exists in IBM CICS TX Standard version 11.1, which stems from the...

7.8 CVSS | 6.9 AI score | 0.00042 EPSS
Exploits 0 | References 3

CNNVD
added 2025/05/08 12:0 a.m. | 1 views

IBM CICS TX Standard Buffer Error Vulnerability

IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines (IBM), Inc. It can provide a cloud-native deployment model for standalone applications. A buffer error vulnerability exists in IBM CICS TX Standard version 11.1, which stems from the...

7.8 CVSS | 6.9 AI score | 0.00042 EPSS
Exploits 0 | References 3

CNNVD
added 2025/04/23 12:0 a.m. | 1 views

Grafana Security Vulnerability

Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana version v11.1.0, which stems from a...

6.8 CVSS | 5.8 AI score | 0.00042 EPSS
Exploits 0 | References 3

OSV
added 2025/04/02 4:17 p.m. | 2 views

CVE-2024-56476

IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy...

5.3 CVSS | 5.8 AI score
Exploits 0 | References 1

OSV
added 2025/02/27 3:15 p.m. | 1 views

CVE-2024-56812

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...

5.5 CVSS | 5.5 AI score
Exploits 0 | References 1

OSV
added 2025/02/27 3:15 p.m. | 1 views

CVE-2024-56810

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...

3.3 CVSS | 5.4 AI score
Exploits 0 | References 1

CNNVD
added 2025/02/27 12:0 a.m. | 1 views

IBM EntireX Security Vulnerability

IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A security vulnerability exists in IBM EntireX version 11.1 that originates from the return of a Detail...

3.3 CVSS | 6.2 AI score | 0.00046 EPSS
Exploits 0 | References 3