Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33870)

Summary There is a vulnerability in netty-codec-http-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-35554)

Summary There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be...

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)

Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-35536

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-35536.This bulletin contains information addressing the vulnerability. Vulnerability...

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

Linux Distros Unpatched Vulnerability : CVE-2026-43000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...

Linux Distros Unpatched Vulnerability : CVE-2026-42998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...

Manga/Image Translator 安全漏洞

Manga/Image Translator is a text-to-image translation tool developed by zyddnys’ individual developers. Manga/Image Translator has a security vulnerability, which stems from insecure deserialization during the shared API server mode. This vulnerability could allow remote attackers to execute...

Malicious code in @t-in-one/add_application_service_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

PT-2026-44902

Name of the Vulnerable Software and Affected Versions Plesk versions prior to 18.0.75.1 Plesk versions prior to 18.0.76.2 Description An XPath injection issue exists in the APS Application Catalog search functionality. This occurs because user-supplied input is interpolated into XPath queries...

Network Optix Nx Witness VMS 安全漏洞

Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

CVE-2026-44881

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...

EUVD-2026-33033

Improper Input Validation CWE-20 in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by injecting values into a configuration override mechanism that is not adequatel...