34 matches found
EUVD-2019-15713
Malware in sbrugna...
EUVD-2017-12623
Malware in sbrugna...
EUVD-2017-1713
Malware in sbrugna...
EUVD-2018-14650
Malware in sbrugna...
EUVD-2024-18630
Malicious code in bioql PyPI...
CVE-2025-50070
Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authenticated OS User privilege with logon to the infrastructure where JDBC executes to compromise JDBC...
CVE-2025-30758
Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: User Interface. Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks ...
Security Bulletin: Vulnerability in Apache Commons IO affects watsonx.data
Summary Apache Commons IO is vulnerable to a denial of service attack. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...
Security Bulletin: vulnerability in Logback affects IBM Workload Scheduler.
Summary IBM Workload Scheduler is affected by a vulnerability in Logback that can cause denial of service CVE-2023-6378 Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the receiver component. By...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...
WordPress Flash & HTML5 Video Plugin <= 2.5.32 is vulnerable to Broken Access Control
Software Flash & HTML5 Video Type Plugin Vulnerable versions = 2.5.32 Fixed in 2.5.33 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7727 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID b5ae27e206ad Credits Lucio Sá Required...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary TheScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connectio...
WordPress WP Media Cleaner Plugin <= 6.7.2 is vulnerable to Sensitive Data Exposure
Software WP Media Cleaner Type Plugin Vulnerable versions = 6.7.2 Fixed in 6.7.3 OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2024-33922 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 489615881bfc Credits Joshua Chan Required...
WordPress BoldGrid Easy SEO Plugin <= 1.6.14 is vulnerable to Sensitive Data Exposure
Software BoldGrid Easy SEO Type Plugin Vulnerable versions = 1.6.14 Fixed in 1.6.15 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2950 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 442e3877c2aa Credits Krzysztof Zając Requir...
WordPress Sharkdropship for AliExpress Dropship and Affiliate Plugin <= 2.2.4 is vulnerable to Broken Access Control
Software Sharkdropship for AliExpress Dropship and Affiliate Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1732 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID e01d5766d97d...
Security Bulletin: IBM Asset Data Dictionary Component uses json-path-2.6.0.jar which is vulnerable to CVE-2023-51074.
Summary IBM Asset Data Dictionary Component uses json-path-2.6.0.jar which is vulnerable to CVE-2023-51074. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, cause...
WordPress Defender Security Plugin <= 4.2.0 is vulnerable to Bypass Vulnerability
Software Defender Security Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-47189 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID 9d721f7eb609 Credits Naveen Muthusamy Required...
Security Bulletin: IBM Enterprise Content Management System Monitor is affected by CVE-2021-2163
Summary IBM Enterprise Content Management System Monitor is affected by CVE-2021-2163 and IBM Enterprise Content Management System Monitor team has addressed it. Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...
Johnson Controls Metasys ADS, ADX, OAS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...