CVE-2026-2031

The CVE-2026-2031 entry describes an improper access control vulnerability in several internal API endpoints of Google Cloud Application Integration (prior to 2026-01-23). An unauthenticated remote attacker can disclose sensitive internal information and execute arbitrary code by sending speciall...

MAL-2026-3176 Malicious code in @cap-js/db-service (npm)

Supply chain compromise of legitimate SAP packages published by threat actor "[email protected]" impersonating SAP toolchain maintainers. All four compromised packages share the same fingerprint: setup.mjs 4.4 KB and execution.js 11.1 MB bundled in the tarball, with a preinstall hook of "node...

EUVD-2014-5678

Malware in sbrugna...

EUVD-2020-25073

Malware in sbrugna...

EUVD-2024-34386

Malicious code in bioql PyPI...

Paraşüt Bizmu 跨站脚本漏洞

Paraşüt Bizmu is a cloud-based financial management and e-invoicing application from Paraşüt Turkey. A cross-site scripting vulnerability exists in Paraşüt Bizmu versions 2.27.0 through 20250212, which stems from improper input neutralization during web page generation and could lead to cross-sit...

PT-2025-34049 · Tenda · Tenda Ac6

Name of the Vulnerable Software and Affected Versions: Tenda AC6 versions V02.03.01.110 Description: A stack-based buffer overflow exists in the Cloud API functionality. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this...

How Breaches Start: Breaking Down 5 Real Vulns

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder's bug-hunting team, reveal how attackers turn overlooked flaws into serious security...

Latency using any Cloud application with 49" Inch Monitor ( using 5K resolution [5120*1440] )

After switching from On-Prem 1912 CU6 to Cloud 2203 CU3 - There is sluggish performance using a higher resolution monitors & increased in number of Monitors - Problem appears on 6 monitors with a resolution of 19201200 - Problemappears on 1x monitor with 49" curved monitor with a resolution of...

Vasion Print 数据伪造问题漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from insufficient signature verification...

Linux Distros Unpatched Vulnerability : CVE-2014-3188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers...

CVE-2025-0982

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript...

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights. CVE-2023-50314

Summary Vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights. CVE-2023-50314 Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the...

CVE-2025-0982

CVE-2025-0982 : Sandbox escape in Google Cloud Application Integration’s JavaScript Task (Rhino engine). The exploit would require crafted JavaScript code run by Rhino. Effective January 24, 2025, Rhino is no longer supported by Application Integration, and no further fix actions are needed. The ...

PT-2025-5810 · Google · Google Cloud Application Integration

Name of the Vulnerable Software and Affected Versions: Google Cloud Application Integration affected versions not specified Description: A sandbox escape issue in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted...

CVE-2024-11146

TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some...

CVE-2024-11146 TrueFiling authorization bypass via user-controlled keys

TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some...

Forcepoint Web Security 安全漏洞

Forcepoint Web Security is a security platform from US-based Forcepoint, Inc. It provides robust protection through content-aware defense as well as cloud application discovery and monitoring. A security vulnerability exists in Forcepoint Web Security that stems from the inclusion of a cross-site...

Security Bulletin: Vulnerabilities in Java affects IBM Cloud Application Business Insights.

Summary Vulnerabilities in Java affects IBM Cloud Application Business Insights CVE-2023-21930, CVE-2023-21968, CVE-2023-21938, CVE-2023-21967, CVE-2023-21939, CVE-2023-2597, CVE-2023-22045, CVE-2023-22049 Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects APM Agents for Monitoring

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. This effects all IBM Cloud Application Performance Management agents, all versions. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a...