Security Bulletin: IBM App Connect Enterprise is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server ( CVE-2026-29087 & CVE-2026-39406 )

Summary IBM App Connect Enterprise runtime is vulnerable to Incorrect Authorization and Middleware Bypass due to Node.js module @hono/node-server. Vulnerability Details CVEID:CVE-2026-29087 DESCRIPTION: @hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, wh...

EUVD-2025-209530

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure. The Monitoring...

CVE-2025-59892

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

Flexense Disk Pulse Enterprise Cross-Site Request Forgery Vulnerability

Flexense Disk Pulse Enterprise is a real-time file system monitoring software developed by Flexense Corporation. Version 10.4.18 of Flexense Disk Pulse Enterprise contains a cross-site request forgeing vulnerability. This vulnerability stems from insufficient user input validation for the...

CVE-2019-2985

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2019-11403

In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page...

CVE-2019-20452

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

PT-2025-49111

Name of the Vulnerable Software and Affected Versions PX Enterprise affected versions not specified Description A flaw exists in PX Enterprise that could lead to the logging of sensitive information under certain circumstances. Approximately 10,000 devices worldwide may be affected. There are no...

Sourceforge Easywork Enterprise 安全漏洞

Sourceforge Easywork Enterprise is a Sourceforge open source enterprise management system. A security vulnerability exists in Sourceforge Easywork Enterprise version 2.1.3.354, which originates from storing sensitive information in memory in clear text and could lead to unauthorized activation of...

EUVD-2013-4803

Malware in sbrugna...

EUVD-2021-13729

Malware in sbrugna...

EUVD-2014-0478

Malware in sbrugna...

EUVD-2020-21769

Malware in sbrugna...

EUVD-2016-3859

Malware in sbrugna...

EUVD-2010-4607

Malware in sbrugna...

EUVD-2020-7753

Malware in sbrugna...

EUVD-2021-18456

Malware in sbrugna...

EUVD-2015-4125

Malware in sbrugna...

EUVD-2016-6409

Malware in sbrugna...