GHSA-FV25-8XCX-GQJC Apache Tomcat - WebSocket authentication header exposure

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.2 to 9.0.117 Older, unsupported versions may also be affected Description: If a WebSocket request was redirected after authentication, Tomcat's WebSocket client would present the most recent...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library

Summary Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the DOMPurify library

Summary Due to the use of the DOMPurify library, DevOps Test Performance and Rational Performance Tester contain a cross-site scripting XSS vulnerability CVE-2025-15599, CVE-2026-0540 Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8...

CVE-2026-1345

CVE-2026-1345 is a concrete IBM vulnerability affecting IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1). The issue allows an unauthenticated attacker to execute arbitrary commands as a lower-privilege user due to improper validation of u...

CVE-2026-2844

Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2...

CVE-2026-3010

CVE-2026-3010 is a web-page generation input handling flaw in Microchip TimePictra (affected versions 11.0–11.3 SP2) causing stored XSS. The root cause is improper neutralization of input during page rendering, enabling injection that can impact confidentiality and integrity. The provided metrics...

CVE-2026-2844

CVE-2026-2844 (TimePictra) : Missing Authentication for a Critical Function in Microchip TimePictra enables Configuration/Environment Manipulation. Affected: TimePictra 11.0–11.3 SP2. CVSS 4.0 base score 9.3 (CRITICAL); Attack Vector: Network; Privileges Required: None; User Interaction: None; Im...

PT-2026-22467

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2...

Security Bulletin: IBM Event Endpoint Management is vulnerable to command injection vulnerability (CVE-2025-64756)

Summary IBM Event Endpoint Management is vulnerable to command injection vulnerability due to Glob matches files. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob...

Astra Linux - уязвимость в mariadb

MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fixallsplittingsinplan...

CVE-2025-36356

IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required...

SUSE CVE-2023-52971

MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fixallsplittingsinplan...

Apache Tomcat Session Fixation vulnerability

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. It is used to implement support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat, which stems from the presence of a competitive condition vulnerability. The...

CVE-2024-25696 Stored XSS in Portal for ArcGIS

There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when accessing the page editor an image will render in the victim’s browser. The privileges required to execute this attack...

PT-2023-3279 · Bosch · Bosch Bvms

Name of the Vulnerable Software and Affected Versions: Bosch VMS versions 11.0 through 11.1.1 Description: The issue is related to insufficient protection of service data in the SSH server of the Bosch BVMS video surveillance system management software. It allows a remote attacker to gain...

CVE-2023-25832

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions...

Security Bulletin: IBM Security Guardium is affected by a jsoup vulnerability (CVE-2021-37714)

Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause th...

Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)

Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to...

Apple macOS 权限许可和访问控制问题漏洞

Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. A privilege permission and access control issue vulnerability exists in Apple macOS versions 11.0 20A2411 - 11.6.5 20G527, which stems from incorrectly imposed security restrictions in PackageKit. A...