
45 matches found

IBM Security Bulletins
added 2026/06/01 8:30 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-33750...

CVSS 7.5 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/05 12:45 p.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427

Summary: IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-4427 DESCRIPTION: Rejected...

AI score 6.4 | EPSS 0.00086
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/05 9:43 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922

Summary: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for...

CVSS 7.5 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | Affected Software: 1

Atlassian
added 2026/04/22 8:29 p.m. | 19 views

Information Disclosure in Confluence Data Center

This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 5.8 | EPSS 0.12311
Exploits: 1

Github Security Blog
added 2026/03/25 7:41 p.m. | 4 views

PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables

Impact: Multiple stored Cross-Site Scripting (stored XSS) vulnerabilities in the BO: an attacker who can inject data into the database, via limited back-office access or a previously existing vulnerability, can exploit unprotected variables in back-office templates. Patches: Patched on 8.2.5 and 9.1....

CVSS 7.6 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/02/03 3:11 p.m. | 4 views

WordPress WP Recipe Maker plugin <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' vulnerability discovered by wesley wcraft in WordPress Plugin WP Recipe Maker versions <= 9.1.0...

CVSS 6.4 | AI score 5.3 | EPSS 0.00983
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/12/16 10:15 p.m. | 3 views

CVE-2025-64520

GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.21, an unauthorized user with API access can read all knowledge base entries. Users should upgrade to 10.0.21 to receive a patch...

CVSS 6.5 | EPSS 0.00038
Exploits: 0 | References: 2

CVE
added 2025/10/28 3:56 p.m. | 19 views

CVE-2025-36386

CVE-2025-36386 affects IBM Maximo Application Suite: MAS Manage component versions 9.0.0–9.0.15 and 9.1.0–9.1.4, where a flaw in MXCSP integration with Cognos Analytics allows a remote attacker to bypass authentication and gain full access. The vulnerability is linked to authentication bypass by ...

CVSS 9.8 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/10/01 12:0 a.m. | 3 views

FreeBSD : py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL (cb570d6f-9ea9-11f0-9446-f02f7497ecda)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cb570d6f-9ea9-11f0-9446-f02f7497ecda advisory. Oracle reports: Vulnerability in the MySQL Connectors product of Oracle MySQL component:...

CVSS 6.4 | AI score 7.9 | EPSS 0.00172
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/19 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-53112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0...

CVSS 4.3 | AI score 4.9 | EPSS 0.00177
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-21567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 9.1.0 and prior...

CVSS 4.3 | AI score 5.5 | EPSS 0.0032
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-21501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and pri...

CVSS 6.5 | AI score 6.6 | EPSS 0.0017
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-21499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior...

CVSS 4.9 | AI score 5.7 | EPSS 0.00099
Exploits: 0 | References: 3

RedhatCVE
added 2025/08/02 8:23 p.m. | 2 views

CVE-2025-52897

GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19...

CVSS 6.5 | AI score 6.3 | EPSS 0.00237
Exploits: 0 | References: 1

CNVD
added 2025/08/01 12:0 a.m. | 4 views

GLPI Cross-Site Scripting Vulnerability (CNVD-2025-17793)

GLPI is a free asset and IT management software suite. A phishing attack vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a planning feature that does not effectively filter malicious links sent by unauthenticated users. An attacker could use this vulnerability to...

CVSS 6.5 | AI score 7 | EPSS 0.00237
Exploits: 0 | References: 1

OSV
added 2025/07/30 3:15 p.m. | 0 views

UBUNTU-CVE-2025-53112

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission checks can result in unauthorized removal of some specific resources. This is fixed in version 10.0.1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 3

CNNVD
added 2025/07/30 12:0 a.m. | 3 views

GLPI Security Vulnerability

GLPI is a free asset and IT management software suite that provides ITIL service desk functionality, license tracking and software auditing. A security vulnerability exists in GLPI versions 9.1.0 through 10.0.18, which stems from a failure to perform privilege checks on specific resource deletion...

CVSS 4.3 | AI score 6.8 | EPSS 0.00177
Exploits: 0 | References: 1

Broadcom
added 2025/06/10 12:0 a.m. | 8 views

Path transversal vulnerability potentially leading to sensitive information disclosure (CVE-2025-4661)

A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit...

CVSS 4.8 | AI score 6.7 | EPSS 0.00114
Exploits: 0

RedhatCVE
added 2025/04/26 3:44 a.m. | 8 views

CVE-2025-1976

Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6...

CVSS 8.6 | AI score 7.7 | EPSS 0.00748
Exploits: 0 | References: 1

CNNVD
added 2025/04/24 12:0 a.m. | 2 views

Broadcom Brocade Fabric OS (FOS) Security Vulnerability

Broadcom Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Broadcom USA. A security vulnerability exists in Broadcom Brocade Fabric OS (FOS) versions 9.1.0 through 9.1.1d6, which originates from the possibility that a local user with...

CVSS 8.6 | AI score 9.4 | EPSS 0.00748
Exploits: 0 | References: 1