1369 matches found
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...
CVE-2026-4096
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
EUVD-2026-36252
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2026-4096 A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.
IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking...
CVE-2026-4096
Summary of CVE-2026-4096 (IBM DevOps Plan) IBM DevOps Plan versions 3.0.0 to 3.0.6 are affected by an HTTP header injection vulnerability caused by improper validation of the Host header. This can enable attacker-driven attacks such as cross-site scripting, cache poisoning, or session hijacking a...
IBM DevOps Plan 安全漏洞
IBM DevOps Plan is a change management collaboration platform provided by the American multinational company International Business Machines IBM. There were security vulnerabilities in versions 3.0.0 to 3.0.6 of IBM DevOps Plan. These vulnerabilities stemmed from improper input validation of the...
Security Bulletin: DevOps Test Performance / Rational Performance Tester contains a vulnerability related to use of the AsyncHttpClient (AHC) library
Summary Due to use of the AsyncHttpClient AHC library, DevOps Test Performance / Rational Performance Tester, contains a potential vulnerability exposing sensitive session cookies or other credentials. CVE-2026-45300 Vulnerability Details CVEID:CVE-2026-45300 DESCRIPTION: The AsyncHttpClient AHC...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2026-8633, CVE-2026-8620]
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: A vulnerability has been identified in the Netty framework used by IBM DevOps Plan (CVE-2025-58057)
Summary A vulnerability has been identified in the Netty framework used by IBM DevOps Plan. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)
Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...
Security Bulletin: Multiple vulnerabilties in IBM Rational Functional Tester / DevOps Test UI
Summary Multiple vulnerabilities were addressed in DevOps Test UI version 11.0.7 Vulnerability Details CVEID:CVE-2024-53990 DESCRIPTION: The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request...
Security Bulletin: A runtime-7.23.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in runtime-7.23.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...
Security Bulletin: A nimbus-jose-jwt-9.37.3.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in nimbus-jose-jwt-9.37.3.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before...
Security Bulletin: A json-path-2.6.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in json-path-2.6.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...
Security Bulletin: A commons-lang3-3.12.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in commons-lang3-3.12.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issu...
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI
Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...
Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...
Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-cor...
Security Bulletin: A react-router-6.25.1.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in react-router-6.25.1.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 an...
Security Bulletin: A netty-codec-http-4.1.118.Final.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in netty-codec-http-4.1.118.Final.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application...