126717 matches found
Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.
Summary IBM Rational Build Forge 8.0.0.30 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are...
Security Bulletin: Multiple vulnerabilities in IBM DevOps Release
Summary IBM DevOps Release 7.0.0.7 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostNam...
Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management
Summary IBM Spectrum Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management can be affected by logging and security vulnerabilities. This update improves reliability of Java object property handling, modern logging frameworks and...
Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access Digital Credentials
Summary Security Vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2026-27837 DESCRIPTION: Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for...
π NLTK 3.9.2 Arbitrary File Read / Path Traversal
NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 β NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...
PT-2026-29366
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.0 Description AVideo is an open source video platform. Versions 26.0 and earlier have a reflected cross-site scripting XSS issue in the User Location pluginβs testIP.php page. The ip request parameter is directly...
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
PT-2026-29322
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...
PT-2026-29252
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
CVE-2026-30309
InfCode's InfCode Terminal vulnerability (CVE-2026-30309) stems from a defective command filtering module in the terminal auto-execution feature. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic se...
PT-2026-29358
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...
PT-2026-29348
Name of the Vulnerable Software and Affected Versions Admidio versions 5.0.0 through 5.0.7 Description Admidio relies on .htaccess files to restrict direct HTTP access to uploaded documents. The Docker image is configured with AllowOverride None in the Apache configuration, causing these .htacces...
IBM Concert Encryption Problem Vulnerability (CNVD-2026-16135)
IBM Concert is IBM's collaborative application lifecycle management platform. IBM Concert has a security vulnerability that stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the vulnerability to decrypt highly sensitive information...
PT-2026-29352
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description AVideoβs admin plugin configuration endpoint admin/save.json.php is susceptible to cross-site request forgery CSRF attacks due to the absence of CSRF token validation. The application's configuration...
CVE-2026-30309
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...
PT-2026-29359
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...
Mbed TLS -- vulnerabilities
https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...
π Google Keras 3.13.0 Denial of Service
A denial of service vulnerability exists in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 on all platforms. The vulnerability is caused by the absence of any validation or throttling when processing HDF5 dataset shape metadata declared inside a .keras archive...
π NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution
nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including pathtojar, pathtomodel, pathtodict, and javaclass, and passe...