Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...
SUSE-SU-2026:20400-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise kernel 6.4.0-22.1 fixes various security issues. The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show (bsc#1251787). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline bsc#125120...
SUSE SLES15 Security Update : kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2025:4311-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:4311-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.16 fixes one security issue. The following security issue was fixed: - CVE-2025-38616:...
EUVD-2017-5506
Malware in sbrugna...
EUVD-2007-6422
Malware in sbrugna...
SUSE SLES15 Security Update : kernel (Live Patch 4 for SLE 15 SP4) (SUSE-SU-2023:4849-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4849-1 advisory. - Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary...
CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...
CVE-2023-41266
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
Path traversal
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
Security Bulletin: IBM Security QRadar Packet Capture has released 7.3.1 Patch 1, and 7.2.8 Patch 4 in response to the vulnerabilities known as Spectre and Meltdown.
Summary IBM has released the following 7.3.1 Patch 1, and 7.2.8 Patch 4 for IBM QRadar Packet Capture in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754. Vulnerability Details CVEID: CVE-2017-5753 CVEID: CVE-2017-5715 CVEID: CVE-2017-5754 Affected Products and Versions IBM QRadar Packe...
Trend Micro Web Security - Remote Code Execution
This Metasploit module exploits multiple vulnerabilities together in order to achieve a remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual...
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities together in...
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do...
Veeam Availability Console v3 Patch 4 (build 2795)
Challenge Veeam Availability Console v3 Patch 4 build 2795. This update supersedes Veeam Availability Console v3 Patch 3 build 2762. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 4. You can check this under Windows Programs and features. After...
CVE-2019-4470
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779...
Cross site scripting
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163618...
Cross site scripting
IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163779...
CVE-2019-4581
IBM QRadar SIEM (7.3.0–7.3.2 Patch 4) is vulnerable to cross-site scripting via the Web UI, allowing an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. Root cause: insufficient input validation/execution of untrusted script in the Web UI. Affe...
CVE-2019-4470
IBM QRadar SIEM (7.3.0–7.3.2 Patch 4) is vulnerable to cross‑site scripting that can inject arbitrary JavaScript into the Web UI and may lead to credentials disclosure within a trusted session. The primary affected component is the Web UI of QRadar; root cause is XSS in the UI rendering path. CVS...