Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

ROOT-APP-PYPI-CVE-2026-41140 CVE-2026-41140 in rootio-poetry - Patched by Root

Root has patched CVE-2026-41140 in the rootio-poetry package for Root:PyPI. Multiple fixed versions available...

Exploit for CVE-2026-26897

EcoOnline EHS Android — Deep Link Validation Bypass → WebVie...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...

CVE-2025-14773

CVE-2025-14773 is a stored cross-site scripting (XSS) vulnerability in ABB T-MAC Plus web application, affecting T-MAC Plus 4.0-24. The issue stems from improper neutralization of input during web page generation. CVSS metrics from ABB indicate a HIGH severity (CVSS v4.0 base 7.2; v3.1 base 8.0),...

CVE-2025-14773 Stored Cross-Site Scripting in ABB T-MAC Plus web application

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14773 Stored Cross-Site Scripting in ABB T-MAC Plus web application

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14772 Broken Access Control in ABB T-MAC Plus web application

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

CVE-2025-14771

Technical details (affected components, versions, impact, remediation) are not publicly available in the provided documents. Monitor for updates on ABB T-MAC Plus CVE-2025-14771.

CVE-2025-14771 File Disclosure in ABB T-MAC Plus web application and in ABB T-MAC plus Server - Default IIS Web Site

Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by remote code execution

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by remote code execution CVE-2026-9311, CVE-2026-9330 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by an identity spoofing vulnerability

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by an identity spoofing vulnerability CVE-2026-8644 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

eCPPT-Penetration-Testing-Reports

eCPPT Penetration Testing Reports Penetration testing lab rep...

PT-2026-45941

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat x0b, x0c, x1c, x1d, x1e, or x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

PT-2026-46057

Name of the Vulnerable Software and Affected Versions libxls versions prior to 1.6.4 Description The OLE container parser contains an issue where memory allocated for the Master Sector Allocation Table MSAT in the read MSAT function is not fully initialized before being used by the ole2 validate...