Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9 Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat [CVE-2026-24734]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat, due to a failure to complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed CVE-2026-24734. Apache Tomcat is used in our speech...

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVE-2026-2403

CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload...

CVE-2026-2403

The CVE describes an input validation flaw (CWE-1284) where improper validation of a specified quantity in the POST /logsettings payload by a Web Admin user can lead to Event and Data Log truncation, compromising log integrity. Exploitation details are not provided beyond the admin payload manipu...

Windows Hyper-V Remote Code Execution Vulnerability

Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...

PowerShell Elevation of Privilege Vulnerability

Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally...

Windows Server Update Service (WSUS) Tampering Vulnerability

Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network...

Windows BitLocker Security Feature Bypass Vulnerability

Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally...

Microsoft PowerShell Security Feature Bypass Vulnerability

Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally...

Windows Active Directory Remote Code Execution Vulnerability

Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network...

Windows Hello Security Feature Bypass Vulnerability

Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network...

Azure Monitor Agent Elevation of Privilege Vulnerability

Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

Windows Hello Security Feature Bypass Vulnerability

Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally...

Microsoft SharePoint Server Spoofing Vulnerability

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2009-0238link is external Microsoft Office Remote Code Execution Vulnerability CVE-2026-32201link is external Microsoft SharePoint Server Improper Input...

EUVD-2026-22092

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

EUVD-2026-22094

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

PT-2026-32768

Name of the Vulnerable Software and Affected Versions Windows Hello affected versions not specified Description Improper input validation allows an authorized attacker to bypass a security feature locally, which can affect the system. Recommendations At the moment, there is no information about a...

PT-2026-32836

Name of the Vulnerable Software and Affected Versions Azure Monitor Agent affected versions not specified Description Improper input validation allows an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no information about a newer version that contains a...