36075 matches found

IBM Security Bulletins
added 2026/04/27 9:3 a.m., 10 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

9.1 CVSS, 6 AI score, 0.00096 EPSS
Exploits: 2, Affected Software: 1
GithubExploit
added 2026/04/27 8:14 a.m., 71 views

xss

CSS Style Sheet Mutation alert"This is a test" alert"...

5.8 AI score
Exploits: 0
Vulnrichment
added 2026/04/27 8:3 a.m., 0 views

CVE-2026-40860 Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp

JmsBinding.extractBodyFromJms in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject without applying any ObjectInputFilter, class allowlist or class denylist. Because this code path is...

6.4 AI score, 0.00961 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/27 5:45 a.m., 20 views

CVE-2026-7092 code-projects Invoice System in Laravel Profile profile improper authorization

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

6.5 CVSS, 0.00046 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/27 12:0 a.m., 5 views

GPAC buffer error vulnerability

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC such as 26.03-DEV-rev105-g8f39a1eb3-master and earlier have a buffer error vulnerability. This vulnerability stems from the function elngboxread in the MP4Box component’s file src/isomedia/boxcodebase.c, which process...

5.3 CVSS, 6.2 AI score, 0.00017 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/04/27 12:0 a.m., 5 views

likeadmin injection vulnerability

likeadmin is a general-purpose management backend development framework created by likeadmin’s individual developer. Versions of likeadmin 1.9.6 and earlier have a vulnerability related to injection attacks. This vulnerability stems from improper handling of the queryResult function in the...

5.8 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 0, References: 1
Snyk
added 2026/04/27 12:0 a.m., 0 views

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-mongodb-atlas-store is a Spring AI Vector Store - MongoDB Atlas Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

8.8 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits: 0, References: 2
GithubExploit
added 2026/04/26 3:36 p.m., 81 views

angband

Angband - Kernel Exploit Framework A staged, modular framew...

4.3 CVSS, 5.4 AI score, 0.00375 EPSS
Exploits: 7
CVE
added 2026/04/25 6:30 p.m., 10 views

CVE-2026-6993

CVE-2026-6993 affects go-kratos kratos up to 2.9.2. It concerns the function NewServer in transport/http/server.go’s http.DefaultServeMux Fallback Handler, where manipulation can yield an unintended intermediary and may be exploitable remotely. Public exploit exists. A patch is identified as 0284...

6.9 CVSS, 5.4 AI score, 0.00051 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2026/04/25 5:45 p.m., 2 views

CVE-2026-6991 colinhacks Zod CUID Data Type regexes.ts sql injection

A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...

6.5 CVSS, 6.4 AI score, 0.00011 EPSS
Exploits: 0, References: 3
Circl
added 2026/04/25 1:8 p.m., 6 views

CVE-2026-42554

creationtimestamp | type | source
---|---|---
2026-04-25 13:08:32+00:00 | published-proof-of-concept | https://github.com/gofiber/fiber/security/advisories/GHSA-qjv7-627w-8qjv...

6.1 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits: 1, References: 1
The Hacker News
added 2026/04/25 9:26 a.m., 4 views

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber...

6 AI score
Exploits: 0
GithubExploit
added 2026/04/25 7:31 a.m., 81 views

SafeVault

SafeVault - Security and Authentication Capstone Project A pr...

6.5 AI score
Exploits: 0
OSV
added 2026/04/25 5:47 a.m., 6 views

OESA-2026-1995 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setti...

8.7 CVSS, 5.5 AI score, 0.00028 EPSS
Exploits: 0, References: 2
Fedora
added 2026/04/25 1:57 a.m., 1 views

[SECURITY] Fedora 44 Update: cef-146.0.11^chromium146.0.7680.177-2.fc44

CEF is an embeddable build of Chromium, powered by WebKit Blink...

9.6 CVSS, 8 AI score, 0.00915 EPSS
Exploits: 1
Fedora
added 2026/04/25 1:55 a.m., 5 views

[SECURITY] Fedora 44 Update: qt6-qtwebengine-6.10.3-1.fc44

Qt6 - QtWebEngine components...

5.2 AI score
Exploits: 0
Fedora
added 2026/04/25 1:55 a.m., 3 views

[SECURITY] Fedora 44 Update: qt6-qtsvg-6.10.3-1.fc44

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...

5.3 AI score
Exploits: 0
Fedora
added 2026/04/25 1:55 a.m., 3 views

[SECURITY] Fedora 44 Update: qt6-qtvirtualkeyboard-6.10.3-1.fc44

The Qt Virtual Keyboard project provides an input framework and reference keyboard frontend for Qt 6. Key features include: Customizable keyboard layouts and styles with dynamic switching. Predictive text input with word selection. Character preview and alternative character view. Automatic...

5.3 AI score
Exploits: 0
Fedora
added 2026/04/25 1:55 a.m., 5 views

[SECURITY] Fedora 44 Update: qt6-qtgraphs-6.10.3-1.fc44

The Qt Graphs module enables you to visualize data in 3D as bar, scatter, and surface graphs. It's especially useful for visualizing depth maps and large quantities of rapidly changing data, such as data received from multiple sensors. The look and feel of graphs can be customized by using themes...

5.3 AI score
Exploits: 0
Fedora
added 2026/04/25 1:55 a.m., 6 views

[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44

Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...

5.5 AI score
Exploits: 0