7 matches found
CVE-2026-2285
CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...
CVE-2026-2285 CVE-2026-2285
CrewAI contains an arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-XSS-Protection" header
Summary: There is a missing or insecure "X-XSS-Protection" header in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application. Vulnerability Details: CVEID: CVE-2021-20446 DESCRIPTION: IBM Maxi...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
Summary: The autocomplete HTML attribute is not disabled for the password field in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details: CVEID: CVE-2021-20445...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to cross-site scripting and missing or insecure "X-Content-Type-Options" header
Summary: There is a missing or insecure "X-Content-Type-Options" header in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to check for SRI (Subresource Integrity) support
Summary: There is a missing check for SRI (Subresource Integrity) support in Maximo Data Loader (maxloader), which is shipped with IBM Maximo for Civil Infrastructure. It may be possible that the user-agent can't verify scripts from third-party services. In case of compromise of the third-party service, the...
Updating Airplanes
If you think updating Windows etc. is painful, spare a thought for avionics maintenance engineers. Flight Management System (FMS) and related navigation databases (navaids, airspace etc.) have to be updated monthly, locally. On older planes, it’s sometimes still done on 3.5” floppy. It’s more common to...