18 matches found
CVE-2026-54293
NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...
CVE-2026-2285
CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...
CVE-2026-2285 CVE-2026-2285
CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...
Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing aka vishing campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracki...
PT-2024-12394 · Qualcomm · 9206 Lte Modem Firmware +106
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in the Audio component when processing calibration data returned from the ACDB loader. No information is provided...
GHSA-FRQC-F2H8-FJVF Spring for GraphQL may be exposed to GraphQL context with values from a different session
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader...
PT-2023-24654 · Spring · Spring For Graphql
Name of the Vulnerable Software and Affected Versions: Spring for GraphQL versions 1.1.0 through 1.1.5 Spring for GraphQL versions 1.2.0 through 1.2.2 Description: A batch loader function in Spring for GraphQL may be exposed to GraphQL context with values, including security context values, from ...
Spring GraphQL Security Vulnerability
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. A security vulnerability exists in Spring GraphQL versions 1.1.0 through 1.1.5 and 1.2.0 through 1.2.2, which stems from the...
Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-1471)
Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Constructor class...
Security Bulletin: There is a security vulnerability in Spring Security used by IBM Maximo Data Loader (CVE-2022-31692)
Summary There is a security vulnerability in Spring Security used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include dispatcher...
Security Bulletin: There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader (CVE-2023-24998)
Summary There is a security vulnerability in Apache Commons FileUpload and Tomcat used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts to b...
Security Bulletin: There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader (CVE-2022-41854)
Summary There is a security vulnerability in snakeYAML used by IBM Maximo Data Loader Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted YAML content, a...
Ransomware. In the air?
Introduction As an exercise, we were asked to look at the potential vectors for ransomware to affect flight despatch and operations. In most cases, flight systems simply werent significantly exposed, but ground systems affected by ransomware may make flight ops either impossible or significantly...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header
Summary There is missing or insecure "X-XSS-Protection" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application. Vulnerability Details CVEID: CVE-2021-20446 DESCRIPTION: IBM Maxi...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
Summary There is autocomplete HTML attribute not disabled for password field in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details CVEID: CVE-2021-20445...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-Content-Type-Options" header
Summary There is missing or insecure "X-Content-Type-Options" header in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to check for SRI (Subresource Integrity) support
Summary There is missing check for SRI Subresource Integrity support in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible the user-agent can't verify scripts from third-party services. In case of compromise of the third-party service, the...
Updating Airplanes
If you think updating Windows etc is painful, spare a thought for avionics maintenance engineers. Flight Management System FMS and related navigation databases navaids, airspace etc have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy. It’s more common to...