Lucene search
K

126688 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 9:46 a.m.5 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by denial of service due to Python cryptography package

Summary The Python cryptography package is used by IBM Cloud Pak for Data System to provide cryptographic functionality. CVE-2024-0727 affects the underlying OpenSSL library used by the cryptography package. Processing a maliciously formatted PKCS12 file may cause a NULL pointer dereference in...

5.5CVSS6.7AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 9:38 a.m.2 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper validation due to Eclipse Jetty.

Summary Eclipse Jetty is used by IBM Cloud Pak for Data System CPDS as part of its web server infrastructure. CVE-2024-6763 affects Eclipse Jetty's HttpURI class, which performs insufficient validation on the authority segment of a URI. This could potentially lead to open redirect attacks or...

5.3CVSS7.1AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 7:22 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - IoT Component uses assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl third party dependencies which is vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...

9.1CVSS5.8AI score0.00556EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 6:28 a.m.4 views

Security Bulletin: IBM Content Navigator uses Apache Commons Collections resulting in multiple CVEs

Summary IBM Content Navigator is affected by CVE-2015-4852, a Deserialization of Untrusted Data vulnerability CWE-502 in Apache Commons Collections, originally identified in Oracle WebLogic Server. A remote attacker could exploit this vulnerability by sending a crafted serialized Java object over...

10CVSS7.8AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 6:0 a.m.7 views

Security Bulletin: Multiple Vulnerabilities for EDB Cloudpack for Data CP4D 5.3.1

Summary Security Bulletin of Multiple Vulnerabilities from EDB Cloudpack for Data.CP4D 5.3.1. IBM strongly recommends addressing the vulnerability now by upgrading.to 5.3.1 Vulnerability Details CVEID:CVE-2025-58189 DESCRIPTION: When Conn.Handshake fails during ALPN negotiation the error contains...

7.7CVSS7.1AI score0.73495EPSS
Exploits4Affected Software1
Securelist
Securelist
added 2026/04/01 6:0 a.m.6 views

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS malware‑as‑a‑service with three subscription tiers. It caught our attention because of its extensive arsenal of capabilities. On the panel...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 5:6 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.38 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in...

9.8CVSS7AI score0.01075EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.2 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

7.8CVSS6.5AI score0.00297EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/01 12:0 a.m.2 views

Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration

The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/01 12:0 a.m.1 views

Secure Network Function Computation for General Target and Security Functions

Secure network function computation is a critical research direction in network coding, which aims to ensure that the target function is correctly computed at the sink node while preventing the wiretapper from obtaining any information about the security function. In this paper, we focus on the...

6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29690

Name of the Vulnerable Software and Affected Versions Open vSwitch affected versions not specified Description An issue exists in Open vSwitch related to invalid memory access within the conntrack FTP algorithm. Specifically, crafted FTP payloads can trigger invalid memory accesses, potentially...

5.9CVSS6.1AI score0.00405EPSS
Exploits0References45
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

IBM Aspera Shares 加密问题漏洞

IBM Aspera Shares is a Web application from International Business Machines IBM. An encryption issue vulnerability exists in IBM Aspera Shares versions 1.9.9 through 1.11.0. The vulnerability stems from the use of a weak encryption algorithm and can be exploited by an attacker to decrypt highly...

7.5CVSS5.8AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.1 views

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

5.8AI score0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.6 views

Mbed TLS 安全漏洞

Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed. Versions 3.3.0 to 3.6.5, as well as 4.0.0, of Mbed TLS contain security vulnerabilities due to a vulnerability that allows for algorithm downgrading...

6.5CVSS5.8AI score0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29826

Summary MCPToolIndex.search tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

6.5CVSS5.9AI score0.00402EPSS
Exploits1References4
Amazon
Amazon
added 2026/04/01 12:0 a.m.10 views

Important: python3.13-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML in the default error page where it could be used for XSS and can ...

8.7CVSS6.5AI score0.00396EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29823

Summary passthrough and apassthrough in praisonai accept a caller-controlled api base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist i...

7.7CVSS5.9AI score0.00337EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.12 views

Amazon Linux 2023 : python3.13-tornado (ALAS2023-2026-1528)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1528 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers where it could be used for head...

8.7CVSS6.6AI score0.00396EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.19 views

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29824

Summary run python in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executio...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References4
Rows per page
Query Builder