Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr

Summary Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details CVEID:CVE-2015-8797 DESCRIPTION: Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...

CVE-2026-34164

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

EUVD-2026-8597

Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering...

CVE-2026-22568

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

CVE-2026-22567

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

CVE-2026-22567

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

CVE-2026-22567 ZIA Admin UI Input Validation Bug

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

CVE-2026-22567 ZIA Admin UI Input Validation Bug

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...

PT-2026-21526

Name of the Vulnerable Software and Affected Versions Zscaler Internet Access versions affected versions not specified Description An issue exists in the ZIA Admin UI where improper validation of user-supplied input can allow an authenticated administrator to initiate backend functions through...

Malicious code in epic-admin-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...

MAL-2026-679 Malicious code in epic-admin-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53764f149897a5c5d4373d2f217da3994123f2664db8150cfcf37b474ee632db The package epic-admin-ui was found to contain malicious code. Source: ghsa-malware 34cc1c893e75c3b3e5849e74fed6d7f75ce784c9e933d878d93e773fae313305...

CVE-2026-24348

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...

CVE-2026-24346

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

CVE-2026-24348

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...

CVE-2026-24345

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...

CVE-2026-24345

Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...

CVE-2026-24348

EZCast Pro II Admin UI (version 1.17478.146) is affected by multiple cross-site scripting vulnerabilities. The flaws allow an attacker to execute arbitrary JavaScript in the browsers of other Admin UI users. Exploitation details are not provided in the brief, but a PT Security advisory recommends...

CVE-2026-24348 Multiple cross-site scripting vulnerabilities in EZCast Pro II Dongle

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...

EUVD-2026-4838

Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users...

CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle

Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...