9320 matches found
Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)
Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
CVE-2026-24072
CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.
Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...
Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904
Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904.
Summary IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CLSA-2026-1777394614 nodejs: Fix of 3 CVEs
CVE-2022-25883: fix ReDoS in bundled npm semver new Range and parseComparator caused by unbounded whitespace expansion in version ranges - CVE-2026-21710: fix HTTP prototype pollution in http.get/request via headersDistinct option by using null-prototype objects for header storage -...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...
GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
EUVD-2026-25994
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40967
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40967
Summary : CVE-2026-40967 affects Spring AI 1.0.0–1.0.5 (fix in 1.0.6) and 1.1.0–1.1.4 (fix in 1.1.5). In several FilterExpressionConverter implementations, filter expression keys/values aren’t properly escaped, enabling an attacker to alter vector store queries. This could impact query integrity ...
CVE-2026-7045
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessordoDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the...
PT-2026-35667
Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4 Description Various FilterExpressionConverter implementations fail to properly escape keys and values when translating filter expression objects into specific vector...
Regular Expression Denial of Service (ReDoS)
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the CSS selector tokenizer in css/tokenizer.rb. An attacker can cause excessive resource consumption by supplying malicious input to...