15 matches found
Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...
Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes google.protobuf, which could cause denial-of-service (DoS) vulnerability. CVE-2026-0994. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict ...
Security Bulletin: Vulnerability in DiskCache with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage includes DiskCache python-diskcache. Following vulnerability can achieve arbitrary code execution. CVE-2025-69872. Vulnerability Details CVEID:CVE-2025-69872 DESCRIPTION: DiskCache python-diskcache through 5.6.3 uses Python...
Security Bulletin: Vulnerability in MCP Python SDK bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes MCP Python SDK. Following vulnerability could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. CVE-2025-66416. Vulnerability Details...
Security Bulletin: Vulnerability in golang.org/x/crypto bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage include golang.org/x/crypto which could cause early termination of client process. CVE-2025-47913. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response...
Security Bulletin: Vulnerability in AIOHTTP bundled with IBM Fusion Content-Aware Storage.
Summary IBM Fusion Content-Aware Storage includes AIOHTTP which could allow DoS, request smuggling, logging storm attacks. The target service within Content-Aware Storage is vLLM, and this service is accessible only on the private network within kubernetes, and requires this private network acces...
WordPress Content Aware Sidebars Plugin < 3.19.1 is vulnerable to Cross Site Scripting (XSS)
Software: Content Aware Sidebars; Type: Plugin; Vulnerable versions: < 3.19.1; Fixed in: 3.19.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: DEV Institute; PSID: 7045acf9eb4c; Credits: Rafie Muhammad Patchstack...
WordPress Content Aware Sidebars plugin <= 3.17.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Content Aware Sidebars plugin versions <= 3.17.1. Solution: Update the WordPress Content Aware Sidebars plugin to the latest available version (at least 3.17.2)...
WordPress Content Aware Sidebars plugin <= 3.17.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Content Aware Sidebars plugin versions <= 3.17.1. Solution: Update the WordPress Content Aware Sidebars plugin to the latest available version (at least 3.17.2)...
WordPress Content Aware Sidebars plugin <= 3.8 - Authenticated Option Update vulnerability (Freemius Library security issue)
Authenticated Option Update vulnerability (Freemius Library security issue) found in WordPress Content Aware Sidebars plugin versions <= 3.8. Solution: Update the WordPress Content Aware Sidebars plugin to the latest available version (at least 3.8.1)...
Cisco ASA-CX Content-Aware Security software and Cisco Prime Security Manager Arbitrary Password Change Vulnerability
Cisco ASA-CX Content-Aware Security software and Cisco Prime Security Manager (PRSM) are both products of Cisco, Inc. Cisco ASA CX Context-Aware Security Software: Cisco ASA CX Context-Aware Security Software is an add-on service module that extends the ASA platform. PRSM is a multi-device management...
CVE-2016-1301
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1112 and Cisco Prime Security Manager PRSM software before 9.3.1.1112 allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842...
CVE-2016-1301
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1112 and Cisco Prime Security Manager PRSM software before 9.3.1.1112 allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842...
CVE-2016-1301
CVE-2016-1301 affects Cisco ASA-CX Content-Aware Security software prior to 9.3.1.1(112) and Cisco Prime Security Manager prior to 9.3.1.1(112). The RBAC implementation flaw allows remote authenticated users to change arbitrary passwords by sending a crafted HTTP request. Impact is elevated privi...
The EICAR Encoder
This encoder merely replaces the given payload with the EICAR test string. Note, this is sure to ruin your payload. Any content-aware firewall, proxy, IDS, or IPS that follows anti-virus standards should alert and do what it would normally do when malware is transmitted across the wire. This modu...