7426 matches found
PT-2025-45387
Name of the Vulnerable Software and Affected Versions 3scale Developer Portal affected versions not specified Description A flaw exists in the 3scale developer portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...
CVE-2025-63418
Summary: CVE-2025-63418 affects the SelfBest platform 2023.3. The issue is a DOM-based XSS caused by client-side code performing direct DOM manipulation without adequate sanitization or a CSP. This could allow an attacker to execute arbitrary JavaScript in a logged-in user’s context, potentially ...
CVE-2025-62369 Xibo CMS: Remote Code Execution through module templates
Xibo is an open source digital signage platform with a web content management system CMS. Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System - Add/Edit custom modules and...
Xibo CMS 安全漏洞
Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS 4.3.0 and prior versions, which stems from a mishandled Twig filter in the Module Templates feature in the CMS Developer menu, which could lead to remote code execution...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.7.2 release.
Red Hat Developer Hub 1.7.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
CarLux 安全漏洞
CarLux is a car booking system by the individual developer AKSHIT SONANI. A security vulnerability exists in CarLux version 1.0, which originates from a SQL injection vulnerability in the file /carlux/sign-in.php...
EUVD-2025-37028
Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of servic...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prio...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVSS...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch Vulnerability Details CVEID:CVE-2025-2953 DESCRIPTION: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47944 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel requests
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior ...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credential...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credential...