Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic. CVE-2025-14505 The vulnerability have been addressed Vulnerability Details CVEID:CVE-2025-14505 DESCRIPTION: The ECDSA implementation of the Elliptic package generates incorrect signatures if a...

CVE-2026-4221

A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has...

IBM Sterling B2B Integrator和IBM Sterling File Gateway 安全漏洞

IBM Sterling B2B Integrator is a flexible integration platform that simplifies complex B2B and Electronic Data Interchange EDI processes across the partner ecosystem, supports local and hybrid cloud deployments, ensures data security, and provides high availability guarantees.IBM Sterling File...

EUVD-2025-34752

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...

EUVD-2023-52427

Malicious code in bioql PyPI...

IBM InfoSphere Information Server SQL注入漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An SQL injection vulnerability exists in IBM InfoSphere Information Server version 11.7 that ste...

The vulnerability of the Apache InLong data integration platform, related to shortcomings in the deserialization mechanism, allows attackers to circumvent existing security restrictions and gain access to read arbitrary files.

The vulnerability of the Apache InLong data integration platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain access to read arbitrary files...

Unauthorized Access Vulnerability in the Integration Platform of Beijing UFIDA Government Affairs Software Co.

Beijing UFIDA Government Software Co., Ltd. is an all-round business management informatization solution provider for government departments, institutions and non-profit organizations. An unauthorized access vulnerability exists in the integration platform of Beijing UFIDA Government Affairs...

The vulnerabilities of SAP NetWeaver Application Server ABAP and ABAP Platform’s software integration platforms are related to deficiencies in authentication procedures, allowing attackers to compromise the confidentiality of protected information.

The vulnerability of SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to compromise the confidentiality of the protected information...

GHSA-XMHH-XRCC-MX36 Scrypted Cross-site Scripting vulnerability

Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the owner' and 'pkg parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patch...

Celebrating a Milestone: 100 WIN Integrations and Counting!

The Wiz INtegration WIN Platform has come a long way in the year since it launched...

Cross Site Scripting (XSS)

Sentry is vulnerable to Cross Site Scripting XSS. The vulnerability is due to lack of input sanitization for payloads sent from Integration platform integrations, which allows arbitrary HTML tags to be stored and rendered on the Issues page...

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVE-2024-41656 Sentry vulnerable to stored Cross-Site Scripting (XSS)

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

CVE-2024-41656

Sentry vulnerability CVE-2024-41656 affects self-hosted Sentry versions 10.0.0 to before 24.7.1, where an unsanitized payload from an Integration platform could store arbitrary HTML that is later rendered on the Issues page. The issue is mitigated for Sentry SaaS (already patched) and on sentry.i...

Sentry vulnerable to stored Cross-Site Scripting (XSS)

Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...

GHSA-FM88-HC3V-3WWW Sentry vulnerable to stored Cross-Site Scripting (XSS)

Impact An unsanitized payload sent by an Integration platform integration allows the storage of arbitrary HTML tags on the Sentry side. This payload could subsequently be rendered on the Issues page, creating a Stored Cross-Site Scripting XSS vulnerability. This vulnerability might lead to the...

The vulnerability of the IBM InfoSphere Information Server software platform arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the IBM InfoSphere Information Server data integration software platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise is an operating system from International Business Machines IBM, Inc. that combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native IBM App Connect Enterprise combines existing industry-trusted IBM...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise has a...