Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-27139 DESCRIPTION: On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference ...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior...

Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape ha...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

Security Bulletin: Multiple vulnerabbilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition core components

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 17.0.18.0, which is used by IBM Tivoli Network Manager IP Edition v4.2 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access...

Exploit for CVE-2026-48907

🚨 CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated...

Exploit for CVE-2026-35273

🚨 CVE-2026-35273 - Oracle PeopleSoft PeopleTools Unauthenticat...

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...

Security Bulletin: The IBM Common Licensing product using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Java SE (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933).

Summary IBM Event Streams is affected by multiple vulnerabilities in Java SE. These vulnerabilities could allow a remote attacker to cause a denial of service condition, bypass security restrictions, or perform unauthorized operations on data processed by affected Java components. Vulnerability...

Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities

Summary IBM Event Processing is affected by Multiple vulnerabilities and were addressed in IBM Event Processing version 1.5.3 Vulnerability Details CVEID:CVE-2026-27148 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions...

Security Bulletin: IBM TRIRIGA Cross-Site Scripting Vulnerability

Summary IBM TRIRIGA is affected by a Cross-Site Scripting XSS vulnerability that could allow a remote authenticated user to inject malicious script into a web page viewed by other users. Successful exploitation could result in execution of arbitrary script within the victim's browser session. IBM...

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

Langflow AI <= 1.6.9 - CORS Misconfiguration

Langflow AI versions 1.6.9 and earlier are vulnerable to a CORS misconfiguration that allows any origin to make credentialed requests. Combined with SameSite=None cookies, this enables cross-origin token theft and subsequent remote code execution via the /api/v1/validate/code endpoint. id:...

Strapi Versions <=4.5.6 - Authentication Bypass

Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that...

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

LatePoint <= 5.0.12 - Authentication Bypass

LatePoint plugin for WordPress versions up to 5.0.12 contains an authentication bypass caused by insufficient verification of user during booking, letting unauthenticated attackers log in as any existing user if they have user ID access, exploit requires access to user ID, and the 'Use WordPress...

Contact Form 7 Drag and Drop Multiple File Upload - Arbitrary File Upload

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and...

Imgproxy < 3.14.0 - Cross-site Scripting (XSS)

Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. id: CVE-2023-1496 info: name: Imgproxy 3.14.0 - Cross-site Scripting XSS author: pdteam severity: medium description: Cross-site Scripting XSS - Reflected in GitHub repository imgproxy/imgproxy prior to...