128 matches found
CVE-2026-6902
A Remote Code Execution vulnerability in P4 Helix Core Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks...
CVE-2026-6902 Code Injection in Perforce P4 (Helix Core)
A Remote Code Execution vulnerability in P4 Helix Core Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks...
CVE-2026-6902
CVE-2026-6902 affects the Command-Line Client in Perforce P4 Server (Helix Core). The vulnerability is described as a code-injection issue in the Command-Line Client prior to the 2025.2 Patch 2 release, with fixes implemented in P4 Server to address the risk. The connected documents identify the ...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)
Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive (CVE-2025-61728). Archive/zip is...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources in net/url [CVE-2025-61726]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources due to a failure of the net/url package to set a limit on the number of query parameters in a query (CVE-2025-61726). Net/url is used in our speech utilities. This vulnerability has been addressed. Please...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls [CVE-2025-68121]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls, due to false validation between the initial handshake and the resumed handshake when the Config has its ClientCAs or RootCAs fields mutated (CVE-2025-68121). Crypto/tls is used in our speech...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK [CVE-2025-14009]
Summary IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK, due to an issue in the NLTK downloader component of nltk/nltk that causes the _unzip_iter function in nltk/downloader.py to fail to perform path validation or security checks (CVE-2025-14009). NLTK is used in our...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools [CVE-2025-47273]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools, due to an issue that allows users to download, build, install, upgrade, and uninstall Python packages (CVE-2025-47273). Setuptools is used in our speech service runtimes. This vulnerability has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.external_data_helper.save_external_data in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions (CVE-2025-51480). Onnx is used in our speech service runtimes. This...
openSUSE 16 Security Update : kernel (Live Patch 2 for SUSE Linux Enterprise 16) (openSUSE-SU-2026:20310-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20310-1 advisory. This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue. The following security issue was fixed: - CVE-2025-40130:...
EUVD-2000-1060
Malware in sbrugna...
EUVD-2015-8841
Malware in sbrugna...
EUVD-2018-1783
Malware in sbrugna...
EUVD-2024-49529
Malicious code in bioql PyPI...
EUVD-2022-44226
Malicious code in bioql PyPI...
CVE-2025-59142
CVE-2025-59142 affects the color-string library (JavaScript) with a malware payload injected in version 2.1.1 after an npm account take-over. The payload targets browser contexts to attempt redirection of cryptocurrency transactions (e.g., to attacker wallets) when the package is used in web envi...
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-150700536 fixes several issues. The following security issue was fixed: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7)
This update for the Linux Kernel 6.4.0-15070078 fixes several issues. The following security issue was fixed: CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
CVE-2020-11737
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring including the quotes followed...
CVE-2022-36045
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...