CVE-2026-9808

CVE-2026-9808 affects Mautic 7 API v2 endpoints (API Platform). Under certain conditions, roles with owner-scope restrictions (viewown/editown) are not properly enforced, allowing low-privilege authenticated API users to bypass ownership-logic and access or modify resources belonging to others. C...

Security Bulletin: There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33750)

Summary There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to...

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-0636)

Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of t...

Security Bulletin: There is a vulnerability in bcpkix-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5588)

Summary There is a vulnerability in bcpkix-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpk...

Security Bulletin: There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-5758)

Summary There is a vulnerability in protocol-buffers-schema-3.6.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-5758 DESCRIPTION: JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0,...

Security Bulletin: There is a vulnerability in fast-uri-3.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6321)

Summary There is a vulnerability in fast-uri-3.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6321 DESCRIPTION: fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normali...

Security Bulletin: There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34477, CVE-2026-34478, CVE-2026-34480)

Summary There is a vulnerability in log4j-core-2.25.3.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed...

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33870)

Summary There is a vulnerability in netty-codec-http-4.1.130.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-35554)

Summary There is a vulnerability in kafka-clients-3.9.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be...

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)

Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

Security Bulletin: There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33929)

Summary There is a vulnerability in pdfbox-2.0.28.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33929 DESCRIPTION: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples...

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.2-py3-none-any.whl which is vulnerable to CVE-2026-30922.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-35536

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-35536.This bulletin contains information addressing the vulnerability. Vulnerability...

CVE-2026-4776

An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...

Network Optix Nx Witness VMS 安全漏洞

Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...