Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper validation due to Eclipse Jetty.
Summary Eclipse Jetty is used by IBM Cloud Pak for Data System CPDS as part of its web server infrastructure. CVE-2024-6763 affects Eclipse Jetty's HttpURI class, which performs insufficient validation on the authority segment of a URI. This could potentially lead to open redirect attacks or...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third-party dependencies which are vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - IoT Component uses the third-party dependencies assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl, which are vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...
Security Bulletin: IBM Content Navigator uses Apache Commons Collections resulting in multiple CVEs
Summary IBM Content Navigator is affected by CVE-2015-4852, a Deserialization of Untrusted Data vulnerability (CWE-502) in Apache Commons Collections, originally identified in Oracle WebLogic Server. A remote attacker could exploit this vulnerability by sending a crafted serialized Java object over...
Security Bulletin: Multiple Vulnerabilities for EDB Cloudpack for Data CP4D 5.3.1
Summary Security Bulletin of Multiple Vulnerabilities from EDB Cloudpack for Data CP4D 5.3.1. IBM strongly recommends addressing the vulnerability now by upgrading to 5.3.1. Vulnerability Details CVEID: CVE-2025-58189 DESCRIPTION: When Conn.Handshake fails during ALPN negotiation the error contains...
A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as MaaS (malware-as-a-service) with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...
Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.38. Vulnerability Details CVEID: CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in...
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration
The impending arrival of cryptographically relevant quantum computers (CRQCs) threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...
IBM Aspera Shares encryption issue vulnerability
IBM Aspera Shares is a Web application from International Business Machines (IBM). An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...
Secure Network Function Computation for General Target and Security Functions
Secure network function computation is a critical research direction in network coding, which aims to ensure that the target function is correctly computed at the sink node while preventing the wiretapper from obtaining any information about the security function. In this paper, we focus on the...
PT-2026-29690
Name of the Vulnerable Software and Affected Versions Open vSwitch affected versions not specified Description An issue exists in Open vSwitch related to invalid memory access within the conntrack FTP algorithm. Specifically, crafted FTP payloads can trigger invalid memory accesses, potentially...
PT-2026-29826
Summary MCPToolIndex.search tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...
Important: python3.13-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...
PT-2026-29823
Summary passthrough and apassthrough in praisonai accept a caller-controlled api base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist i...
CVE-2026-25834
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...
CVE-2026-25834
CVE-2026-25834 is disclosed in the OpenSUSE/SUSE advisories linked to ovmf and is tied to mbed TLS 3.6.x. The OpenSUSE OpenSUSE-SU-2026:20875-1 advisory describes CVE-2026-25834 as: the client accepts a signature algorithm chosen by the server even if it was not advertised in the client hello. Th...
Mbed TLS security vulnerability
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions 3.3.0 to 3.6.5, as well as 4.0.0, of Mbed TLS contain a security vulnerability that allows algorithm downgrading...
PT-2026-29578
Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.3.0 through 3.6.5 and version 4.0.0 Description The Mbed TLS software contains a flaw related to Algorithm Downgrade. Recommendations Update to a version later than 3.6.5. Update to a version later than 4.0.0...