Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.25 Vulnerability Details CVEID:CVE-2026-30951 DESCRIPTION: Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injection via unescaped cast type in JSON/JSONB where clause processing. The...

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. The vulnerabilities stem from improper validation of the length parameter in the HTTPS management interface. This could...

Exploit for Use After Free in Adobe Acrobat_Dc

CVE-2020-9715 EDR Validation PoC Use-after-free in Adobe Acro...

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver BYOVD technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own...

EUVD-2025-208751

A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an attacker-controlled DLL into...

CVE-2025-69784

OpenEDR kernel driver 2.5.1.0 is affected by CVE-2025-69784. A local, non-privileged attacker can abuse a vulnerable IOCTL interface to modify the DLL injection path to a user-writable location, causing the product to load an attacker‑controlled DLL into high‑privilege processes. This yields arbi...

CVE-2025-69783

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

PT-2026-25767

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name e.g., csrss.exe, edrsvc.exe, edrcon.exe. This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged functionality such as...

CVE-2025-36377

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36376

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36376 IBM Security QRadar EDR Software has multiple vulnerabilities

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36376 IBM Security QRadar EDR Software has multiple vulnerabilities

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36377

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVE-2025-36379

IBM Security QRadar EDR and IBM Security ReaQta are affected by CVE-2025-36379, where weaker-than-expected cryptographic algorithms could allow decryption of sensitive information. Affected versions: QRadar EDR 3.12 through 3.12.23 (and ReaQta 3.12 through 3.12.23). Root cause: use of insufficien...

CVE-2025-36379 IBM Security QRadar EDR Software has multiple vulnerabilities

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

PT-2026-20251

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 Description IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system. Recommendations Update...

PT-2026-20250

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 Description IBM Security QRadar EDR does not invalidate sessions after they expire. This could allow an authenticated user to impersonate another user on the system. Recommendations Update...

PT-2026-20252

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.23 IBM Security ReaQta versions 3.12 through 3.12.23 Description IBM Security QRadar EDR and IBM Security ReaQta utilize cryptographic algorithms that are considered insufficiently strong,...