7051 matches found
CVE-2025-36033
CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...
CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
IBM Engineering Lifecycle Management - Global Configuration Management 跨站脚本漏洞
IBM Engineering Lifecycle Management - Global Configuration Management is a configuration management software provided by IBM Corporation. Versions 7.0.3 to 7.0.3 Interim Fix 017 and 7.1.0 to 7.1.0 Interim Fix 004 of IBM Engineering Lifecycle Management - Global Configuration Management contain...
PT-2026-6334
Name of the Vulnerable Software and Affected Versions BrowserStack Runner versions 0.1.0 through 0.9.5 Notepad++ versions prior to 8.8.2 Description BrowserStack Runner contains a path traversal issue in the default HTTP handler within lib/server.js. This allows unauthenticated network-adjacent...
Infostealers without borders: macOS, Python stealers, and platform abuse
Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...
Infostealers without borders: macOS, Python stealers, and platform abuse
Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing trusted platforms and utilities to silently deliver credential-stealing malware at scale. Since late...
How fake party invitations are being used to install remote access tools
“You’re invited!” It sounds friendly, familiar and quite harmless. But in a scam we recently spotted, that simple phrase is being used to trick victims into installing a full remote access tool on their Windows computers—giving attackers complete control of the system. What appears to be a casual...
PT-2026-5711
Name of the Vulnerable Software and Affected Versions Rizin versions prior to 0.8.2 Description Rizin, a reverse engineering framework, contains a flaw where a heap overflow can occur when processing maliciously crafted mach0 files with invalid dyld chained segment entries. This issue can be...
ctf-skills
ctf-skills Claude Codehttps://docs.anthropic.com/en/docs/c...
CyberSec-PAF-CTF-2026-writeup
CyberSec PAF CTF 2026 🚩 Hosted by the PAF-IAST Cyber-Sec So...
Evaluating Large Language Models for Security Bug Report Prediction
Early detection of security bug reports SBRs is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models LLMs. Our findings reveal a distinct trade-off between the two approaches...
CVE-2026-24768
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...
KiloView Encoder Series (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache POI
Summary A vulnerabilitiy has been identified in Apache POI, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...
CVE-2026-24768
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...
CVE-2026-24768
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect open redirect vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect...
iba Systems ibaPDA
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Security Bulletin: IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting
Summary Cross-site scripting vulnerability has been identified in IBM Engineering Lifecycle Management - Global Configuration Management. Vulnerability Details CVEID:CVE-2025-36033 DESCRIPTION: IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in FasterXML jackson-databind
Summary Vulnerabilities have been identified in FasterXML jackson-databind, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion ca...
CVE-2025-67264
An OS command injection vulnerability in the com.sprd.engineermode component in Doogee Note59, Note59 Pro, and Note59 Pro+ allows a local attacker to execute arbitrary code and escalate privileges via the EngineerMode ADB shell, due to incomplete patching of CVE-2025-31710...