CVE-2025-36220 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

EUVD-2025-209931

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2026-9550

CVE-2026-9550 affects Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The issue involves path traversal in a component handling the file path /SubstationWEBV2/app/..;/main/upfile, caused by manipulation of the argument path. The vulnerability permits...

CVE-2026-9550 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform upfile path traversal

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

EUVD-2026-31825

A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal...

Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files

A flaw was found in Apache Tomcat. The cloud membership for clustering component was vulnerable to the insertion of sensitive information into log files. This vulnerability could lead to the exposure of the Kubernetes bearer token, which is a credential used for authentication within a Kubernetes...

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence AI tools to make their attacks faster, stronger, and much harder to stop. According to...

Scammers pretending to be Microsoft had help from US executives

A pop-up appears on your computer, warning of a virus. You call the "Microsoft technician" in the pop-up message, and they explain that they need remote access to fix it. Most of us know this script by now. It's a scam, operated by people intent on siphoning money from your account. A court case...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NRS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NRS addressed in 3.0.5.1. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NPS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NPS addressed in 11.3.0.2-IF1 Vulnerability Details CVEID:CVE-2016-10735 DESCRIPTION: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-36220 DESCRIPTION: IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul...

CVE-2026-9523

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

CVE-2026-9523

The CVE describes a SQL injection in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. The vulnerable component is the web path /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree, where argument manipulation enables SQL injection. The issue is exp...

CVE-2026-9523 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform getCalcmeterDetailDayListTree sql injection

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

EUVD-2026-31782

A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by this vulnerability is an unknown functionality of the file /SubstationWEBV2/app/..;/calc/getCalcmeterDetailDayListTree. Performing a manipulation of the argument...

PT-2026-43284

Name of the Vulnerable Software and Affected Versions Google Cloud Apigee affected versions not specified Description A flaw in the SetIntegrationRequest policy allows remote attackers to perform Server-Side Request Forgery SSRF, which is a technique where an attacker forces a server to make...

Google Cloud Apigee 安全漏洞

Google Cloud Apigee is an API management platform provided by Google Inc. It supports features such as API gateways, traffic governance, and interface security management. There are security vulnerabilities in Google Cloud Apigee. These vulnerabilities stem from allowing remote attackers to execu...

PT-2026-43283

Name of the Vulnerable Software and Affected Versions IBM Cloud Pak for Data System - Cyclops versions 11.3.0.2 through Interim Fix 002 Description IBM Cloud Pak for Data System uses default passwords from the manufacturing process during the installation process, which could allow an attacker to...