126717 matches found
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.
Summary IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is...
Security Bulletin: IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702.
Summary IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22702 DESCRIPTION: virtualenv is a tool for creating isolated virtual python...
Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701.
Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to...
Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.
Summary IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js...
Security Bulletin: IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl which is vulnerable to CVE-2025-69277.
Summary IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1x8664.whl which is vulnerable to CVE-2025-69277. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving...
Security Bulletin: IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312.
Summary IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13473...
Security Bulletin: IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541.
Summary IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 to before...
Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146.
Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In version...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino
Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...
📄 Bludit CMS Shell Upload
Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS . The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...
Study of Post Quantum Status of Widely Used Protocols
The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to...
Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations
This whitepaper seeks to elucidate implications that the capabilities of developing quantum architectures have on blockchain vulnerabilities and mitigation strategies. First, we provide new resource estimates for breaking the 256-bit Elliptic Curve Discrete Logarithm Problem, the core of modern...
📄 Forcepoint One Endpoint macOS 25.08.5008 DLP Bypass
Forcepoint One Endpoint DLP Endpoint for macOS version 25.08.5008 with DLP Policy Engine version 10.2.0.298 allows a local standard non-admin user to bypass DLP content inspection and policy enforcement by sending SIGSTOP to user-owned browser helper processes Websense Endpoint Helper,...
PT-2026-36070
Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the dissection engine during LZ77 decompression can lead to a denial of service. LZ77 is a lossless data compression algorithm that replaces...
📄 Ghost CMS 6.19.0 SQL Injection
Ghost CMS versions 3.24.0 through 6.19.0 suffer from a remote SQL injection vulnerability via the content API. Exploit Title: Ghost CMS Unauthenticated SQLi via Content API Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =...
Security update for obs-service-recompress, obs-service-tar_scm (moderate)
openSUSE Security Update: Security update for obs-service-recompress, obs-service-tarscm Announcement ID: openSUSE-SU-2026:0109-1 Rating: moderate References: 1076410 1082696 1105361 1107507 1107944 1127353 1127907 1138377 1168573 1212476 1216361 927120 967265 Cross-References: CVE-2018-12473...
Security Bulletin: IBM Content Navigator is affected by Apache Xerces2
Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...
Security Bulletin: IBM Content Navigator is affected by CVE-2025-46392
Summary IBM Content Navigator is affected by CVE-2025-46392, an Uncontrolled Resource Consumption vulnerability CWE-400 in Apache Commons Configuration 1.x commons-configuration-1.7.jar. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in...
ANT-2026-VS18SA90 · nginx · Arbitrary File Write
arbitrary-file-write critical CVE-2026-27654 Severity Claude critical · Security research firm critical · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-VS18SA90: unauthenticated remot...
Exploit for Out-of-bounds Read in Microsoft
!CVEhttps://img.shields.io/badge/CVE-2025--60709-FF0000?styl...