EUVD-2019-1730

Malware in sbrugna...

EUVD-2023-58540

Malicious code in bioql PyPI...

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is ...

CVE-2025-47021 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-47007 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Security Bulletin: There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service (CVE-2021-23926)

Summary There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML...

Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...

ChatGPT: Friend or Foe? | API Security Newsletter

Welcome to our April API newsletter, recapping some of the events of last month. This month’s topic is Generative AI tools e.g., ChatGPT in cybersecurity. It – along with API Security – dominated the 2023 RSA Conference, and there’s plenty of digital ink being spilled on the topic. Be sure to wat...

diesel-oder-benzin.de Cross Site Scripting vulnerability OBB-2647557

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

OWASP Top 10 Deep Dive: Injection and Stack Traces From a Hacker's Perspective

In case you missed it, injection claimed the number 3 spot in OWASP's updated Top 10 application security risks for 2021. Today, I'm going to highlight some of the reasons why injection is such a formidable threat, despite it falling two spaces from the number 1 slot on OWASP's 2017 list. But...

Code injection

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, S...

New National Vulnerability Database visualizations and feeds

Recently, the National Institute of Standards and Technology NIST introduced a new version of National Vulnerability Database NVD website.  I will not say that I liked this redesign: IMHO, old website with US flag was much prettier and useful: But the very fact that the site is developing, I...