126717 matches found

IBM Security Bulletins
• added 2026/03/31 9:49 a.m. • 4 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge.

Summary: IBM Rational Build Forge 8.0.0.30 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2025-50106. DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are...

CVSS 9.8 • AI score 7.3 • EPSS 0.02591
Exploits: 2 • Affected Software: 1

IBM Security Bulletins
• added 2026/03/31 9:44 a.m. • 7 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Release

Summary: IBM DevOps Release 7.0.0.7 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostNam...

CVSS 9.1 • AI score 6.9 • EPSS 0.00743
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
• added 2026/03/31 3:38 a.m. • 8 views

Security Bulletin: Vulnerability in IBM Java, Websphere, OpenSSL, libcurl, and Apache Commons may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary: IBM Spectrum Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management can be affected by logging and security vulnerabilities. This update improves reliability of Java object property handling, modern logging frameworks and...

CVSS 7.5 • AI score 7.8 • EPSS 0.66594
Exploits: 0 • Affected Software: 3

IBM Security Bulletins
• added 2026/03/31 12:38 a.m. • 11 views

Security Bulletin: Security Vulnerabilities have been found in IBM Verify Identity Access Digital Credentials

Summary: Security Vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials. Vulnerability Details: CVEID: CVE-2026-27837. DESCRIPTION: Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for...

CVSS 9.8 • AI score 5.9 • EPSS 0.00541
Exploits: 8 • Affected Software: 1

Packet Storm
• added 2026/03/31 12:0 a.m. • 178 views

📄 NLTK 3.9.2 Arbitrary File Read / Path Traversal

NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 - NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...

CVSS 8.6 • AI score 6 • EPSS 0.00924
Exploits: 3

Positive Technologies
• added 2026/03/31 12:0 a.m. • 5 views

PT-2026-29366

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 26.0. Description: AVideo is an open source video platform. Versions 26.0 and earlier have a reflected cross-site scripting (XSS) issue in the User Location plugin's testIP.php page. The ip request parameter is directly...

CVSS 6.1 • AI score 5.9 • EPSS 0.0022
Exploits: 1 • References: 4

ATTACKERKB
• added 2026/03/31 12:0 a.m. • 2 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

CVSS 7.8 • AI score 6.5 • EPSS 0.00297
Exploits: 0 • References: 3

Vulnrichment
• added 2026/03/31 12:0 a.m. • 3 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

AI score 6.5 • EPSS 0.00297
Exploits: 0 • References: 2

Positive Technologies
• added 2026/03/31 12:0 a.m. • 6 views

PT-2026-29322

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...

CVSS 4.8 • AI score 5.9 • EPSS 0.00258
Exploits: 0 • References: 4

Positive Technologies
• added 2026/03/31 12:0 a.m. • 5 views

PT-2026-29252

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

CVSS 7.8 • AI score 6.5 • EPSS 0.00297
Exploits: 0 • References: 3

CVE
• added 2026/03/31 12:0 a.m. • 12 views

CVE-2026-30309

InfCode's InfCode Terminal vulnerability (CVE-2026-30309) stems from a defective command filtering module in the terminal auto-execution feature. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell (e.g., powershell), and the matching algorithm lacks dynamic se...

CVSS 7.8 • AI score 6.5 • EPSS 0.00297
Exploits: 0 • References: 2 • Affected Software: 1

Positive Technologies
• added 2026/03/31 12:0 a.m. • 2 views

PT-2026-29358

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

CVSS 6.5 • AI score 6 • EPSS 0.00157
Exploits: 1 • References: 3

Positive Technologies
• added 2026/03/31 12:0 a.m. • 9 views

PT-2026-29348

Name of the Vulnerable Software and Affected Versions: Admidio versions 5.0.0 through 5.0.7. Description: Admidio relies on .htaccess files to restrict direct HTTP access to uploaded documents. The Docker image is configured with AllowOverride None in the Apache configuration, causing these .htacces...

CVSS 7.5 • AI score 5.8 • EPSS 0.00575
Exploits: 1 • References: 6

CNVD
• added 2026/03/31 12:0 a.m. • 2 views

IBM Concert Encryption Problem Vulnerability (CNVD-2026-16135)

IBM Concert is IBM's collaborative application lifecycle management platform. IBM Concert has a security vulnerability that stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the vulnerability to decrypt highly sensitive information...

CVSS 7.5 • AI score 5.9 • EPSS 0.00202
Exploits: 0

Positive Technologies
• added 2026/03/31 12:0 a.m. • 4 views

PT-2026-29352

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: AVideo's admin plugin configuration endpoint admin/save.json.php is susceptible to cross-site request forgery (CSRF) attacks due to the absence of CSRF token validation. The application's configuration...

CVSS 8.1 • AI score 5.9 • EPSS 0.00233
Exploits: 1 • References: 5

Cvelist
• added 2026/03/31 12:0 a.m. • 20 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

EPSS 0.00297
Exploits: 0 • References: 2

Positive Technologies
• added 2026/03/31 12:0 a.m. • 4 views

PT-2026-29359

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVSS 6.5 • AI score 5.9 • EPSS 0.00201
Exploits: 1 • References: 3

FreeBSD
• added 2026/03/31 12:0 a.m. • 9 views

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session (CVE-2026-34873); Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871); PSA random generator cloning (CVE-2026-25835); Compiler-induced constant-time violations...

CVSS 9.8 • AI score 5.9 • EPSS 0.00426
Exploits: 0 • References: 1

Packet Storm
• added 2026/03/31 12:0 a.m. • 143 views

📄 Google Keras 3.13.0 Denial of Service

A denial of service vulnerability exists in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 on all platforms. The vulnerability is caused by the absence of any validation or throttling when processing HDF5 dataset shape metadata declared inside a .keras archive...

CVSS 7.5 • AI score 5.9 • EPSS 0.00299
Exploits: 3

Packet Storm
• added 2026/03/31 12:0 a.m. • 151 views

📄 NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution

nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including pathtojar, pathtomodel, pathtodict, and javaclass, and passe...

CVSS 10 • AI score 6.6 • EPSS 0.00777
Exploits: 3