HTTP Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.1, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N...
Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API, specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged in and aware o...
CVE-2026-24734 Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM port of the Tomcat Native code did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypasse...
CVE-2026-24048 Backstage has a Possible SSRF when reading from allowed URLs in `backend.reading.allow`
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the FetchUrlReader component, used by the catalog and other...
CVE-2025-12739
CVE-2025-12739 involves a Cross-Site Scripting (XSS) vulnerability in Looker’s Extension Loader. An attacker with viewer permissions can craft a malicious URL that, when opened by a Looker administrator, could run attacker-supplied script. Exploitation requires at least one Looker extension insta...
EUVD-2023-45840
Malicious code in bioql PyPI...
Security Bulletin: due to the use of 10x UI, IBM Transformation Extender Advanced is vulnerable to unsafe deserialization in Java
Summary: IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, has a vulnerability that could allow attackers to perform remote code execution. Please upgrade to one of the fixed versions in this bulletin. Vulnerability Details: CVEID: CVE-2022-42441 DESCRIPTION: IBM...
PT-2025-33489 · Firebird · Firebird
Name of the Vulnerable Software and Affected Versions: Firebird versions prior to 4.0.6.3183; Firebird versions prior to 5.0.2.1610; Firebird versions prior to 6.0.0.609. Description: Firebird is a relational database. If the ExtConnPoolSize parameter is not set to 0, a server process segfault may...
CVE-2025-55668 Apache Tomcat: session fixation via rewrite valve
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
CVE-2025-50091 affecting package mysql for versions less than 8.0.43-1
CVE-2025-50091 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-37980 affecting package kernel for versions less than 6.6.92.2-1
CVE-2025-37980 affecting package kernel for versions less than 6.6.92.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-21839 affecting package kernel for versions less than 6.6.92.2-1
CVE-2025-21839 affecting package kernel for versions less than 6.6.92.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24826 affecting package exiv2 for versions less than 0.28.3-1
CVE-2024-24826 affecting package exiv2 for versions less than 0.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-32421
Next.js CVE-2025-32421 describes a race condition in the Pages Router that, under certain misconfigurations, can cause endpoints to serve pageProps data instead of HTML. Affected versions are pre-14.2.24 and pre-15.1.6; patch versions 14.2.24 and 15.1.6 strip the x-now-route-matches header to mit...
PT-2025-20299 · Q2Apro · Q2Apro
Name of the Vulnerable Software and Affected Versions: q2apro q2apro-on-site-notifications versions up to 1.4.6. Description: A problematic issue was found, affecting the process request function of the file q2apro-onsitenotifications-page.php. This leads to cross-site scripting and can be initiat...
CVE-2025-29775 xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
PT-2025-6710 · Apache · Apache Ignite
Name of the Vulnerable Software and Affected Versions: Apache Ignite versions 2.6.0 through 2.17.0. Description: The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it t...
PT-2023-22774 · Gatsby · Gatsby-Plugin-Sharp
Name of the Vulnerable Software and Affected Versions: gatsby-plugin-sharp versions prior to 5.8.1 and 4.25.1. Description: The gatsby-plugin-sharp plugin contains a path traversal vulnerability exposed when running the Gatsby develop server (`gatsby develop`). By default, `gatsby develop` is only...
Incorrect serialized string parsing
PMASA-2016-70. Announcement-ID: PMASA-2016-70. Date: 2016-11-25. Updated: 2016-12-06. Summary: Incorrect serialized string parsing. Description: Due to a bug in serialized string parsing, it was possible to bypass the protection offered by the PMA_safeUnserialize function. Severity: We consider this...
XSS vulnerability in bookmarks - ownCloud
A cross-site scripting (XSS) vulnerability in ownCloud before 4.5.5 and 4.0.10 allows remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/. Affected Software: ownCloud Server 4.5.5 (CVE-2013-5666); ownCloud Server 4.0.10 (CVE-2013-5666). Action Taken: It is...