Security Bulletin: A pillarjs path-to-regexp vulnerability affects IBM Safer Payments (CVE-2024-45296)
Summary: pillarjs path-to-regexp is used by IBM Safer Payments as part of UI navigation routes. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: IBM Security SOAR is vulnerable to denial of service (CVE-2024-45296)
Summary: IBM Security SOAR was using a UI component which contained a vulnerability that could lead to a client-side regular expression denial of service (CVE-2024-45296). The vulnerable component has been removed from the UI. Please upgrade to IBM Security SOAR version 51.0.4.0 or later...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-21536]
Summary: Node.js module http-proxy-middleware is used by IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring components, which are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2024-47554]
Summary: Apache Commons IO is used by IBM App Connect Enterprise Certified Container by the IntegrationServer and IntegrationRuntime operands. These operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Apache Commons IO...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]
Summary: Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...
CVE-2025-23045

creationtimestamp| type| source
---|---|---
2025-01-28 16:16:32+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgsu42tcvz2f
2025-01-28 17:02:25+00:00| published-proof-of-concept| Telegram/VQDyMSiZHY5xvEKb4oih99dlPq4vD6lnAW-AaTy3BGN-vo
2025-01-28 18:47:23+00:00| seen|...

CVE-2024-57276

creationtimestamp| type| source
---|---|---
2025-01-27 16:36:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113901292449278960
2025-01-27 17:16:13+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqgxv6iqm2h
2025-01-27 18:55:23+00:00| seen|...

CVE-2024-38320

creationtimestamp| type| source
---|---|---
2025-01-27 15:45:28+00:00| seen| https://infosec.exchange/users/cve/statuses/113901091397780672
2025-01-27 16:16:14+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgqdmn7e4v2c
2025-01-27 17:40:22+00:00| seen|...

CVE-2024-41739

creationtimestamp| type| source
---|---|---
2025-01-24 13:42:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113883622037551920
2025-01-24 14:04:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2902
2025-01-24 14:48:38+00:00| seen|...

CVE-2025-23227

creationtimestamp| type| source
---|---|---
2025-01-23 17:29:38+00:00| seen| https://infosec.exchange/users/cve/statuses/113878851777568302
2025-01-23 18:03:28+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2791
2025-01-23 18:16:09+00:00| seen|...

CVE-2024-55927

creationtimestamp| type| source
---|---|---
2025-01-23 17:29:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113878851747424255
2025-01-23 18:03:27+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2790
2025-01-23 18:15:55+00:00| seen|...

CVE-2024-52331

creationtimestamp| type| source
---|---|---
2025-01-23 17:15:53+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lggf3mf72m2t
2025-01-23 17:40:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lgggguul3a2b
2025-01-23 19:09:14+00:00| seen|...

CVE-2025-21550
...
CVE-2025-21530
...
MAL-2025-214 Malicious code in opensea-developer-docs (npm)
Source: ghsa-malware 692ba66619407967d692be9c0e70b5b297806cf1e398766ee1556657af6feba1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-23698

creationtimestamp| type| source
---|---|---
2025-01-16 20:19:29+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv43ia6v72n
2025-01-17 00:38:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113840901500299046...

CVE-2024-57679

creationtimestamp| type| source
---|---|---
2025-01-16 18:54:55+00:00| seen| https://infosec.exchange/users/cve/statuses/113839550952252289
2025-01-16 18:56:07+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2000
2025-01-16 19:16:01+00:00| seen|...

CGA-F8R8-GCP7-278J
Bulletin has no description...
FreeBSD : keycloak -- Multiple security fixes (5e2bd238-d2bb-11ef-bc0e-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5e2bd238-d2bb-11ef-bc0e-1c697a616631 advisory. Keycloak reports: This update includes 2 security fixes: Tenable has extracted the preceding...
CVE-2025-21319

creationtimestamp| type| source
---|---|---
2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review
2025-01-14 18:21:40+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpukxd7fs2f
2025-01-15 00:41:30+00:00| seen|...