
1108 matches found

IBM Security Bulletins
added 13 hours ago | 3 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID: CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting...

CVSS 7.5 | AI score 5.4 | EPSS 0.01278
Exploits: 0 | Affected Software: 1

OSV
added yesterday | 5 views

ROOT-OS-DEBIAN-11-CVE-2024-26585 CVE-2024-26585 in rootio-linux - Patched by Root

Root has patched CVE-2024-26585 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

CVSS 4.7 | AI score 6.7 | EPSS 0.00034
Exploits: 0

Snyk
added 2026/05/29 5:16 p.m. | 4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

CVSS 9.1 | AI score 5.4 | EPSS 0.0005
Exploits: 0 | References: 2

Snyk
added 2026/05/27 5:36 p.m. | 8 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the migrate endpoint /actions/app/migrate. An attacker can perform unauthorized migration operations by sending crafted requests to this endpoint. Remediation There ...

CVSS 7.3 | AI score 5.8 | EPSS 0.00047
Exploits: 3 | References: 2

Qualys Blog
added 2026/05/19 4:27 p.m. | 9 views

Inside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation

The Verizon 2026 Data Breach Investigations Report has been published. Qualys is proud to have served as a research partner and contributor, contributing analysis of more than one billion anonymized vulnerability remediation records across four consecutive DBIR reporting cycles of CISA Known...

AI score 5.8
Exploits: 0

Snyk
added 2026/05/18 11:47 a.m. | 4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Host header when constructing response URLs for custom slash commands. An attacker can redirect responses to a server under their control by sending a specially crafted request with a spoofed Hos...

CVSS 5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2

Debian CVE
added 2026/05/14 5:33 a.m. | 4 views

CVE-2026-6335

Removed by vendor...

CVSS 5.4 | AI score 5.8 | EPSS 0.00032
Exploits: 0

EUVD
added 2026/05/14 5:33 a.m. | 6 views

EUVD-2026-30240

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

CVSS 8.7 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 3

GithubExploit
added 2026/05/14 2:16 a.m. | 52 views

Windows-pentest-lab

Windows-pentest-lab Penetration testing and vulnerability asse...

CVSS 10 | AI score 7.1 | EPSS 0.94454
Exploits: 123

Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-40853

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with Guest permissions can view issues in projects they a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-40879

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.1 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description An issue exists where an authenticated user with project membership can enumerate private group...

CVSS 4.3 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 5

GithubExploit
added 2026/05/12 8:53 a.m. | 62 views

ISPB

🛡️ AI-powered Security Scanner Platform A next-generation...

AI score 5.9
Exploits: 0

Snyk
added 2026/05/07 7:21 p.m. | 5 views

Information Exposure

Overview std/net/http/httputil is a Go standard library package. Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrit...

CVSS 6.9 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 3

IBM Security Bulletins
added 2026/05/05 12:48 p.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904

Summary IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2026-27903...

CVSS 7.5 | AI score 7.1 | EPSS 0.00036
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/05/04 12:39 p.m. | 3 views

Security Bulletin: Axios HTTP/2 Session Cleanup Logic State Corruption Bug Fixed in 1.13.2

Summary Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The...

CVSS 5.9 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

The Hacker News
added 2026/04/27 11:58 a.m. | 4 views

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate,...

AI score 5.8
Exploits: 0

NVD
added 2026/04/22 5:16 p.m. | 0 views

CVE-2026-6515

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

CVSS 5.4 | EPSS 0.00015
Exploits: 0 | References: 2

Debian CVE
added 2026/04/22 4:5 p.m. | 4 views

CVE-2025-6016

Removed by vendor...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 0

CISA
added 2026/04/20 12:0 p.m. | 7 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability; CVE-2024-27199 JetBrains TeamCity Relative Path Traversal...

CVSS 8.2 | AI score 5.8 | EPSS 0.90931
In wild | Exploits: 12 | References: 13

Hive Pro Threat Advisories
added 2026/04/09 3:40 a.m. | 6 views

How to Reduce Mean Time to Remediate (MTTR) in Cybersecurity

How to Reduce Mean Time to Remediate (MTTR) in Cybersecurity. Every hour a vulnerability remains unpatched is an hour an attacker can use it against you. That window of exposure is exactly what Mean Time to Remediate (MTTR) measures, and for security leaders, it's one of the most consequential metrics...

AI score 6.2
Exploits: 0