Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVE-2026-9742

The CVE-2026-9742 entry describes a vulnerability in MongoDB where, when OIDC authentication is enabled, a crafted value in the mechanism parameter of the authenticate command can crash the server. The authenticate command is reachable by unauthenticated clients, enabling pre-auth denial-of-servi...

Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

EUVD-2026-35525

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35521

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35524

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35526

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35522

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35514

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-50507

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-48575

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-48576

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-48570

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-48568

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-47656

Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally...

CVE-2026-45658

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...