Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in jetty-ee10-jaspi (CVE-2026-5795)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-5795 reported for jetty-ee10-jaspi-12.0.25.jar . Vulnerability Details CVEID:CVE-2026-5795 DESCRIPTION: In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variabl...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-40466 and CVE-2026-41044)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40466 and CVE-2026-41044 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-40466 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-boot (CVE-2026-40973, CVE-2026-40975, CVE-2026-40977)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40973, CVE-2026-40975, CVE-2026-40977 reported for spring-boot-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the...

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-boot-autoconfigure (CVE-2026-40974)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-40974 reported for spring-boot-autoconfigure-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40974 DESCRIPTION: Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime Quarterly CPU - Apr 2026

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918 reported for IBM Semeru Runtime Quarterly CPU - Apr 2026 - Includes...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Bouncy Castle bcprov-jdk (CVE-2025-14813, CVE-2026-5598)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2025-14813, CVE-2026-5598 reported for bcprov-jdk18on-1.81.jar. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JA...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-web (CVE-2026-22732)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-22732 reported for spring-security-web-6.4.12.jar. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jasperreports (CVE-2025-10492)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-10492 reported for jasperreports-7.0.2.jar. Vulnerability Details CVEID:CVE-2025-10492 DESCRIPTION: A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2025-66168)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-66168 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2025-66168 DESCRIPTION: WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2026-2332)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-2332 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "fun...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-server (CVE-2026-1605)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-1605 reported for jetty-server-12.0.25.jar. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-34197)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-34197 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-34197 DESCRIPTION: Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broke...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2026-39304)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-39304 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2026-39304 DESCRIPTION: Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

Exploit for Incorrect Authorization in Polkit_Project Polkit

CVE-2021-3560-Polkit-Privilege-Esclation PoC Original rese...

CVE-2026-35207

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

EUVD-2026-20991

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

CVE-2026-35207 deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...

CVE-2026-35207

In dde-control-center (Deepin Desktop Environment), the plugin-deepinid insecurely skipped TLS certificate verification when fetching user avatars from openapi.deepin.com and similar providers. Prior to version 6.1.80, this allowed a (MITM) attacker to intercept traffic, potentially replace the a...

CVE-2026-35207 deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server

dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certificate verification when fetching the user's avatar from...