6710 matches found
FREEDOM Administration - Default Login
The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
EUVD-2026-41865
Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue...
WordPress Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations plugin <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ilkeggs in WordPress Plugin Trust.Reviews versions = 2.7.3...
CVE-2026-44740
A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...
Important: Red Hat Security Advisory: General availability of the satellite/iop-insights-engine-rhel9 container image
A new satellite/iop-insights-engine-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
SUSE CVE-2026-53404
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
Linux Distros Unpatched Vulnerability : CVE-2026-49434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entrie...
CVE-2026-49432 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: STOMP negative content-length enables denial of service
Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...
CVE-2026-50229
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
CVE-2026-50229
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...
PT-2026-50976
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9.0 Description Improper input handling in the toCedarExpr method on Cedar Value types allows for Cedar-expression injection. The method fails to...
Important: Red Hat Security Advisory: General availability of the satellite/iop-insights-engine-rhel9 container image
A new satellite/iop-insights-engine-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...
Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image
A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...
Important: Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image
A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, an...
CVE-2026-50645
There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...
CVE-2026-49875
Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band OOB external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue...
EUVD-2026-36398
A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' parameter is concatenated without sanitizing Carriage Return CR and Line Feed LF characters. If an attacker can control the realm value, they can injec...
Security Bulletin: IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang
Summary IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML...
ECYSAP EYE: From Cyber Situational Awareness to Mission-Centric Decision Support for Enhanced Cyberspace Operations
Operational organizations increasingly require Cyber Situational Awareness CySA capabilities that go beyond isolated technical alerts, providing mission-relevant artefacts that can be embedded into heterogeneous toolchains and cyber security or cyber defense processes. ECYSAP EYE addresses this...