10 matches found
CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management
Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...
CVE-2025-58381 Directory traversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands "source, ping6, sleep, disown, wait" to modify the path variables and move upwards in the directory structure or to traverse to different directories...
CVE-2025-9711
CVE-2025-9711 is a local privilege escalation flaw in Brocade Fabric OS prior to 9.2.1c3, enabling a local authenticated user to elevate privileges to root via the export option of the seccertmgmt and seccryptocfg commands. Connected sources confirm affected software versions and the root-cause i...
EUVD-2025-28065
Malicious code in bioql PyPI...
Broadcom Brocade Fabric OS Security Vulnerability
Broadcom Brocade Fabric OS (FOS) is a set of embedded operating systems used in devices such as switches and routers from Broadcom USA. A security vulnerability exists in Broadcom Brocade Fabric OS (FOS) versions 9.2.2 and earlier, which stems from path traversal and could lead to the disclosure of...
CVE-2024-36987
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint...
PortlandLabs Concrete CMS Security Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. A security vulnerability exists in PortlandLabs Concrete CMS prior to 8.5.13 and versions prior to 9.2.2, which stems from a file creation function that may grant too many permissions when...
Artifex Ghostscript GhostXPS Heap Buffer Overflow Vulnerability
Artifex Ghostscript is an open source PostScript (a page description language and programming language for the electronics industry and desktop publishing) parser from Artifex Software. Artifex Ghostscript has a security vulnerability in the 'xpsloadsfntname' function of the xps/xpsfont.c file i...
Multiple Apple Products WebKit Denial of Service Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. WebKit is an open source web...
Multiple Apple Products WebKit Homologation Policy Bypass Vulnerability
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. WebKit is an open source web...