Security Bulletin: Due to use of core-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by cross-site scripting (XSS) issue.
Summary core-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-22610, CVE-2026-27970. Vulnerability Details CVEID: CVE-2026-22610 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages...
CVE-2026-37579
An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...
@adonisjs/http-server Security Vulnerability
@adonisjs/http-server is an HTTP server framework based on Node.js, open-sourced by the AdonisJS Framework. Versions of @adonisjs/http-server prior to 7.8.1, as well as versions 8.0.0-next.0 to 8.1.3, along with @adonisjs/core version 7.4.0 and earlier, have security vulnerabilities. These...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +677 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.2.3)
org.apache.spark:spark-core_2.10 MAVEN version =0.9.0-incubating, =1.1.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =1.2.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2025-54920 Source advisory: OSV:GHSA-JWP6-CVJ8-FW65 https://vulners.com/osv...
datapizza-ai-cache-redis (=0.0.3), datapizza-ai-clients-anthropic (>=0.0.3 <=0.0.5) +21 more potentially affected by CVE-2026-2970 via datapizza-ai-core (>=0.0.1 <=0.0.26)
datapizza-ai-core PYPI version =0.0.1, =0.0.3, =0.0.2, =0.0.4, =0.0.4, =0.0.6, =0.0.6, =0.0.3, =0.0.3, =0.0.2, =0.0.2, =0.0.8 and more Source cves: CVE-2026-2970 Source advisory: OSV:GHSA-HG58-X52P-859C...
PT-2026-21137
Name of the Vulnerable Software and Affected Versions TeconceTheme Woodly Core versions through 1.4 Description A flaw exists in TeconceTheme Woodly Core that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially all...
Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK
Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...
CVE-2023-45849
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner...
Protection Mechanism Failure
Overview Affected versions of this package are vulnerable to Protection Mechanism Failure during pnpm install. An attacker can execute arbitrary code by introducing a malicious git-hosted dependency that leverages prepare, prepublish, or prepack scripts during the fetch phase. Remediation Upgrade...
PT-2026-1439
Name of the Vulnerable Software and Affected Versions NJHYST HY511 POE core versions prior to 2.1 NJHYST HY511 POE plugins versions prior to 0.1 Description The device exhibits insufficient cookie verification, enabling an attacker to directly request the configuration file address and download t...
CVE-2025-62100 WordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeRain Core: from n/a through = 1.1.9...
CLSA-2025-1764772111 jackson-modules-base: Fix of CVE-2025-52999
Rebuilt with the CVE-2025-52999: fixed jackson-core version - Fixed build: replaced missing packages with a patch for PackageVersion...
PT-2025-46916
Name of the Vulnerable Software and Affected Versions grist-core versions prior to 1.7.7 Description grist-core is a spreadsheet hosting server. A user with access to any document on a Grist installation can use a feature for fetching from a URL that is executed on the server. The privileged...
BIT-OPENTELEMETRY-COLLECTOR-2024-36129 OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue...
EUVD-2020-21042
Malware in sbrugna...
EUVD-2015-0256
Malware in sbrugna...
EUVD-2023-34333
Malicious code in bioql PyPI...
EUVD-2025-5624
Malicious code in bioql PyPI...
CVE-2025-52161
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting XSS vulnerability...