3515 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper management of the resource lifecycle of the ucan driver devices, potentially leading to...
CVE-2026-44444 Lumiverse: Spindle extension install runs untrusted lifecycle scripts before security scan
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan assertSafeBackendBundle. A malicious extension that ships a package.json with a preinstall,...
CVE-2026-44444 Lumiverse: Spindle extension install runs untrusted lifecycle scripts before security scan
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan assertSafeBackendBundle. A malicious extension that ships a package.json with a preinstall,...
CVE-2026-4051
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
CVE-2026-3660
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2026-3603
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...
CVE-2026-3660
CVE-2026-3660 affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (through iFix021), 7.1.0 (through iFix009), and 7.2.0 (through iFix001). The issue arises from an unauthorized modification path that allows an unauthenticated remote attacker to update server property ...
CVE-2026-3660 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2026-3660 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2026-3660
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
EUVD-2026-31954
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application...
CVE-2026-3603
The CVE-2026-3603 issue affects IBM Engineering Lifecycle Management – Jazz Foundation components: 7.0.3 (iFix001–iFix021), 7.1.0 (iFix001–iFix009), and 7.2.0 (iFix001–iFix002). A XML external entity (XXE) vulnerability arises when processing XML data, allowing an authenticated attacker to potent...
CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit...
CVE-2026-3603
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
EUVD-2026-31952
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2026-3603 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...
CVE-2026-4051 IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
CVE-2026-4051
CVE-2026-4051 concerns IBM Engineering Lifecycle Management - Jazz Foundation. Affected products/versions: 7.0.3 (through iFix021), 7.1.0 (through iFix009), 7.2.0 (through iFix001). Root cause: an exposed method that is not properly restricted, enabling a user with administrative privileges to pe...
EUVD-2026-31951
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...
CVE-2026-4051
IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted...