
61051 matches found

Positive Technologies
• added 2025/10/01 12:0 a.m. • 2 views

PT-2025-40448

CVE-2025-61721 - Apache HTTP Server Authentication Bypass CVE ID : CVE-2025-61721 Published : Oct. 1, 2025, 3:15 a.m. | 2 hours, 24 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4 AI score
Exploits 0 | References 1
Positive Technologies
• added 2025/10/01 12:0 a.m. • 2 views

PT-2025-40443

CVE-2025-61716 - Apache HTTP Server Remote Code Execution CVE ID : CVE-2025-61716 Published : Oct. 1, 2025, 3:15 a.m. | 2 hours, 24 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.9 AI score
Exploits 0 | References 1
Positive Technologies
• added 2025/10/01 12:0 a.m. • 3 views

PT-2025-40611

CVE-2025-61596 - Apache Kafka Deserialization RCE CVE ID : CVE-2025-61596 Published : Oct. 1, 2025, 5:15 p.m. | 3 hours, 57 minutes ago Description : Rejected reason: This is a fork and is not in the Rust registry. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

6.3 AI score
Exploits 0 | References 1
IBM Security Bulletins
• added 2025/09/30 9:12 p.m. • 10 views

Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...

8.8 CVSS | 7.7 AI score | 0.01471 EPSS
Exploits 3 | Affected Software 1
IBM Security Bulletins
• added 2025/09/30 1:23 p.m. • 13 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF005 (September 2025)

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF005. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens...

8.8 CVSS | 8.1 AI score | 0.01461 EPSS
Exploits 2 | Affected Software 2
IBM Security Bulletins
• added 2025/09/30 10:47 a.m. • 21 views

Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities

Summary Multiple vulnerabilities in Apache Tomcat have been addressed in IBM webMethods developer portal Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

10 CVSS | 7.5 AI score | 0.99945 EPSS
Exploits 49 | Affected Software 1
Positive Technologies
• added 2025/09/30 12:0 a.m. • 3 views

PT-2025-40431

CVE-2022-40285 - Apache HTTP Server Command Injection Vulnerability CVE ID : CVE-2022-40285 Published : Sept. 30, 2025, 9:15 p.m. | 2 hours, 12 minutes ago Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-13967. Reason: This record is a reservation duplicate of...

9.4 CVSS | 6.7 AI score | 0.00437 EPSS
Exploits 0 | References 1
Positive Technologies
• added 2025/09/30 12:0 a.m. • 4 views

PT-2025-39961

Name of the Vulnerable Software and Affected Versions pyfory versions 0.12.0 through 0.12.2 pyfury versions 0.1.0 through 0.10.3 Description Deserialization of untrusted data in Python allows arbitrary code execution. An application is susceptible if it reads serialized data from untrusted source...

9.8 CVSS | 6.4 AI score | 0.49525 EPSS
Exploits 2 | References 31
IBM Security Bulletins
• added 2025/09/29 10:36 p.m. • 5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload (CVE-2025-48976)

Summary A vulnerability in Apache Commons FileUpload that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5 CVSS | 6.5 AI score | 0.63258 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
• added 2025/09/29 10:5 p.m. • 10 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.

Summary Multiple vulnerabilities in Apache XML Security for Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-20945 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker...

6.5 CVSS | 6.1 AI score | 0.01212 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
• added 2025/09/29 9:54 p.m. • 10 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons (CVE-2025-48734)

Summary A vulnerability in Apache Commons that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used...

8.8 CVSS | 7.1 AI score | 0.01461 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
• added 2025/09/29 9:4 p.m. • 4 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Wink (CVE-2010-2245)

Summary A vulnerability in Apache Wink that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: XML External Entity XXE vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial o...

7.4 CVSS | 6.6 AI score | 0.1162 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
• added 2025/09/29 8:55 p.m. • 4 views

Security Bulletin: IBM InfoSphere Information Server is affected by an improper input validation vulnerability in Apache POI (CVE-2025-31672)

Summary An improper input validation vulnerability in Apache POI that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xls...

5.3 CVSS | 6.3 AI score | 0.01092 EPSS
Exploits 0 | Affected Software 1
Chainguard
• added 2025/09/29 1:44 p.m. • 4 views

GHSA-4XH5-X5GV-QWPH vulnerabilities

Vulnerabilities for packages: py3.12-pytorch-cuda-11.8, py3-virtualenv, py3-pip-wheel-bootstrap, reflex, localstack, nvidia-nsight-compute-13.1, request-1276, mlflow, py3.9-pip, py3-pip, airflow, py3.10-pytorch-cuda-11.8...

5.2 AI score
Exploits 0
IBM Security Bulletins
• added 2025/09/29 7:39 a.m. • 4 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling (CVE-2025-4673, CVE-2025-22871)

Summary Operator of IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling due to Apache HTTP components. IBM Event Endpoint Management uses HTTP components to expose secure event APIs via its Event Gateway, enabling client applications to interact with...

9.1 CVSS | 6.6 AI score | 0.00682 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
• added 2025/09/29 12:0 a.m. • 7 views

Apache Solr 6.6.x < 9.8.0 Relative Path Traversal

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the 'configset upload' API. Commonly known as a 'zipslip', maliciously constructed ZIP files can use relative filepaths t...

5.4 CVSS | 8 AI score | 0.41226 EPSS
Exploits 0 | References 2
GithubExploit
• added 2025/09/27 9:3 p.m. • 359 views

web-application-firewall

🔒 Project 2 — WAF Rule Development & Evasion Testing Projec...

8.1 AI score
Exploits 0
IBM Security Bulletins
• added 2025/09/26 6:32 p.m. • 11 views

Security Bulletin: Vulnerabilities in Apache Tomcat and form-data might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and form-data. Vulnerabilities include a memory leak which result in a denial of service, possible for a specially crafted request to bypass some rewrite rules which could be bypassed security...

9.8 CVSS | 6.8 AI score | 0.66365 EPSS
Exploits 7 | Affected Software 1
IBM Security Bulletins
• added 2025/09/26 2:26 p.m. • 5 views

Security Bulletin: IBM i is affected by denial of service vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-36097, CVE-2025-36047, CVE-2025-48976]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to a denial of service by sending a specially crafted request that causes the server to consume excessive memory resources CVE-2025-36097, CVE-2025-36047 and by allocation of resources for multipart headers with insufficient...

7.5 CVSS | 6.9 AI score | 0.63258 EPSS
Exploits 1 | Affected Software 6
OSV
• added 2025/09/26 1:9 p.m. • 4 views

OESA-2025-2346 apache-mime4j security update

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

5.5 CVSS | 6.5 AI score | 0.00271 EPSS
Exploits 0 | References 2