20 matches found
DEBIAN-CVE-2026-42585
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final...
CVE-2026-1726 Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. T...
CVE-2026-1726
CVE-2026-1726 affects IBM Guardium Key Lifecycle Manager (GKLM) versions 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1. The IBM security bulletin lists this CVE under CWE-269: Improper Privilege Management, with an IBM CVSS base score of 6.4 (vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N). The conne...
AIX is vulnerable to potential code execution (CVE-2025-61984 CVE-2025-61985) due to OpenSSH
IBM SECURITY ADVISORY First Issued: Tue Jan 6 13:47:51 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory20.asc Security Bulletin: AIX is vulnerable to potential code execution CVE-2025-61984, CVE-2025-61985 due to...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
JLSEC-2025-102 In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU v...
In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...
CVE-2025-40798
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions, SIMATIC PCS neo V5.0 All versions, SIMATIC PCS neo V6.0 All versions V6.0 SP1 Update 1, User Management Component UMC All versions V2.15.1.3. Affected products contain an out-of-bounds read vulnerability in the integrated UM...
CVE-2025-40795
A vulnerability has been identified in SIMATIC PCS neo V4.1 All versions, SIMATIC PCS neo V5.0 All versions, SIMATIC PCS neo V6.0 All versions V6.0 SP1 Update 1, User Management Component UMC All versions V2.15.1.3. Affected products contain a stack-based buffer overflow vulnerability in the...
WordPress plugin Music Sheet Viewer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
IBM Security Guardium Key Lifecycle Manager Security Vulnerability
IBM Security Guardium Key Lifecycle Manager is a cryptographic key management tool from International Business Machines (IBM) that centralizes, simplifies, and automates the key management process. A security vulnerability exists in IBM Security Guardium Key Lifecycle Manager. An attacker exploiti...
Dell Enterprise SONiC OS Operating System Command Injection Vulnerability
Dell Enterprise SONiC OS (Dell Enterprise Sonic Operating System) is an open-source network operating system from Dell, USA. An operating system command injection vulnerability exists in Dell Enterprise SONiC OS versions 4.1.x and 4.2.x. The vulnerability stems from improper neutralization of...
PT-2024-24908 · Unknown · List Custom Taxonomy Widget
Name of the Vulnerable Software and Affected Versions: List Custom Taxonomy Widget versions n/a through 4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Nick Halsey List Cust...
CVE-2022-47177
Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin = 4.1 versions...
Joomla! Code Injection Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...
@avalabs/avalanche-wallet-sdk (>=0.3.0 <=0.9.4), @b0dhidharma/contract-utils (=0.1.1) +62 more potentially affected by CVE-2021-41264 via @openzeppelin/contracts (>=4.1.0 <=4.3.1)
@openzeppelin/contracts NPM version =4.1.0, =0.3.0, =0.0.2, =1.0.0, =1.1.0, =2.0.0, =0.1.1, =0.0.1, =3.0.0-alpha.2, =3.0.0-alpha.1, =3.0.0-alpha.1, =3.0.0-alpha.1, =0.0.0-863d96e4, =0.0.23-canary and more Source cves: CVE-2021-41264 Source advisory: OSV:GHSA-5VP3-V4HC-GX76...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2020-41738)
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site scripting vulnerability exists in SAP Business Objects...
SAP Business Objects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site request forgery vulnerability exists in SAP...
org.dspace.modules:xmlui (>=4.0 <=4.1) potentially affected by CVE-2016-10726 via org.dspace:dspace-xmlui (>=4.0 <=4.1)
org.dspace:dspace-xmlui MAVEN version =4.0, =4.0, =4.1 Source cves: CVE-2016-10726 Source advisory: OSV:GHSA-4M9R-5GQP-7J82...
Philips IntelliSpace Cardiovascular and Xcelera Unknown Search Path or Element Vulnerability
Philips IntelliSpace Cardiovascular (ISCV) and Xcelera are both products of the Dutch company Philips. Philips ISCV is a cardiac imaging information management system. Xcelera is its predecessor. A security vulnerability exists in Philips ISCV version 3.1 and earlier and Xcelera version 4.1 and...
NetApp AltaVault Man-in-the-Middle Attack Vulnerability
NetApp AltaVault is a cloud storage solution from NetApp. The solution features scalability, data encryption, and support for data backup and recovery. A security vulnerability exists in NetApp AltaVault 4.1 and earlier versions. An attacker could use this vulnerability to conduct a...