
29 matches found

IBM Security Bulletins
added 6 days ago, 4 views

Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)

Summary: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-14813 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

CVSS 9.9, AI score 7.1, EPSS 0.00022
Exploits: 0, Affected Software: 1

EUVD
added 2026/04/09 6:31 p.m., 1 view

EUVD-2026-20938

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3...

AI score 5.8, EPSS 0.00072
Exploits: 0, References: 4

NVD
added 2026/04/09 4:16 p.m., 1 view

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3...

CVSS 7.5, EPSS 0.00072
Exploits: 0, References: 3

Vulnrichment
added 2026/04/09 3:52 p.m., 1 view

CVE-2026-33266 Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a...

AI score 5.8, EPSS 0.00055
Exploits: 0, References: 1

CVE
added 2026/04/09 3:52 p.m., 6 views

CVE-2026-34020

CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...

CVSS 7.5, AI score 5.8, EPSS 0.00072
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/21 10:24 p.m., 2 views

CVE-2026-21952

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...

CVSS 4.9, AI score 4.8, EPSS 0.00063
Exploits: 0, References: 4

CNNVD
added 2026/01/13 12:00 a.m., 2 views

SLiMS 9 Bulian SQL injection vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. An SQL injection vulnerability exists in SLiMS 9 Bulian version 9.0.0, which stem...

CVSS 8.8, AI score 5.8, EPSS 0.00064
Exploits: 0, References: 4

NVD
added 2025/11/18 11:15 p.m., 2 views

CVE-2025-64325

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

CVSS 9, EPSS 0.00066
Exploits: 1, References: 1

Vulnrichment
added 2025/11/18 3:26 a.m., 1 view

CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

CVSS 5.7, AI score 6.3, EPSS 0.00016
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 8:47 p.m., 1 view

CVE-2021-22968

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored i...

CVSS 7.2, AI score 8.1, EPSS 0.0266
Exploits: 1, References: 1

Patchstack
added 2025/01/08 11:53 p.m., 2 views

WordPress Greenshift plugin <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross-Site Scripting vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Greenshift versions <= 9.0.0...

CVSS 6.4, AI score 5.9, EPSS 0.00247
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2024/11/10 12:00 a.m., 3 views

wfa_dut security vulnerability

wfadut JC6 is software from the Wi-Fi Alliance USA. A security vulnerability exists in wfadut version 9.0.0 and earlier, which stems from the use of system library functions that are vulnerable to OS command injection...

CVSS 8.8, AI score 7.2, EPSS 0.27917
Exploits: 1, References: 1

CNNVD
added 2024/05/10 12:00 a.m., 1 view

QEMU security vulnerability

QEMU Quick Emulator is a suite of simulation processor software by Fabrice Bellard, an individual developer in France. The software is fast and cross-platform. A security vulnerability exists in QEMU versions 8.2.3 and 9.0.0, which stems from a flaw found in QEMU in the Virtio PCI binding...

CVSS 5.5, AI score 6.2, EPSS 0.00034
Exploits: 0, References: 4

Positive Technologies
added 2023/12/25 12:00 a.m., 1 view

PT-2023-30871 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 8.5.13 and earlier; Concrete CMS versions 9.0.0 through 9.2.2. Description: The issue allows an admin to add a stored XSS payload via the Layout Preset name, potentially affecting user interactions with the system...

CVSS 4.8, AI score 6.1, EPSS 0.01073
Exploits: 0, References: 10

Positive Technologies
added 2022/11/14 12:00 a.m., 1 view

PT-2022-27002 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (formerly concrete5) versions 9.0.0 through 9.1.2; Concrete CMS (formerly concrete5) versions prior to 8.5.10. Description: The issue allows the authTypeConcreteCookieMap table to be filled up, causing a denial of service due to high...

CVSS 6.5, AI score 7.2, EPSS 0.00797
Exploits: 0, References: 14

ATTACKERKB
added 2022/10/07 9:15 p.m., 4 views

CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

CVSS 9.8, AI score 5.8, EPSS 0.03006
Exploits: 0, References: 4

CNNVD
added 2022/08/16 12:00 a.m., 1 view

Emerson Proficy Machine Edition data forgery vulnerability

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from the lack of authentication or authorization of packets after a connection is...

CVSS 7.8, AI score 7.3, EPSS 0.00021
Exploits: 0, References: 4

CNNVD
added 2022/07/28 12:00 a.m., 2 views

Veritas NetBackup security vulnerability

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and backup protection of environmental data such as metadata and virtual environments. A security...

CVSS 9.8, AI score 8.7, EPSS 0.00753
Exploits: 0, References: 2

OSV
added 2021/11/03 4:15 p.m., 2 views

DEBIAN-CVE-2021-37148

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1...

CVSS 7.5, AI score 7.3, EPSS 0.01363
Exploits: 0, References: 1

OSV
added 2021/06/09 3:15 p.m., 0 views

CVE-2020-15383

Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 2