58 matches found
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Unsafe Dependency Resolution
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which was affected by identity spoofing which is vulnerable to CVE-2026-3621
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which was affected by identity spoofing which is vulnerable to CVE-2026-3621. This bulletin contains information addressing the vulnerability. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225
Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...
Improper Authentication
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Authentication via the bootstrap config endpoint. An attacker can access sensitive configuration fields intended for authenticated sessions by sending unauthenticated requests to...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the data.pipereq upload path in the HTTP adapter. An attacker can send a streamed request body...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38079, CVE-2025-38292 Vulnerability Details CVEID:CVE-2025-38079 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix...
Security Bulletin: Vulnerability in iperf affects IBM Netezza Appliance
Summary The iperf package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-54349 Vulnerability Details CVEID:CVE-2025-54349 DESCRIPTION: In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow...
Security Bulletin: Vulnerability in curl affects IBM Netezza Appliance
Summary The curl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9086 Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to...
Security Bulletin: Vulnerability in wheel affects IBM Netezza Appliance
Summary The wheel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-24049 Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0...
Security Bulletin: Vulnerability in curl affects IBM Netezza Appliance
Summary The curl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9086 Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to...
Incorrect Authorization
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization in the configuration for SSL certificate and key file paths due to incorrect option name checks. An attacker can gain unauthorized...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
PT-2026-12: OOB memory read in a handler of the command in Yokogawa Centum VP
The vulnerability was identified in Centum VP, versions R1.07.00 or earlier. The discovered vulnerability allows an attacker to to perform an out‑of‑bounds memory read in the command handler, because the code fails to validate integer overflow and does not check that length fields of...
Missing Authentication for Critical Function
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authentication for Critical Function via config.apply. An attacker can execute arbitrary commands as the gateway process user by supplying crafted cliPath values through the Gatew...
Arbitrary Code Injection
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Arbitrary Code Injection in the map function, where closures and arrays are not properly checked against the allow list. Note: This is a regression of the fix to CVE-2023-2017. Remediatio...
BIT-GHOST-2026-22596 Ghost has SQL Injection in Members Activity Feed
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...
PT-2026-2221
Name of the Vulnerable Software and Affected Versions OpenProject versions 16.6.1 and below Description OpenProject is a web-based project management software. A registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. The issue...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...
Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182.
Summary IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server...