Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...

CVE-2023-40683

IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...

EUVD-2013-0170

Malware in sbrugna...

EUVD-2021-18924

Malware in sbrugna...

EUVD-2016-7674

Malware in sbrugna...

EUVD-2013-5455

Malware in sbrugna...

EUVD-2025-16425

Malicious code in bioql PyPI...

CVE-2025-52985 Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with...

Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass

Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...

CVE-2022-30723

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device...

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2022-36227 DESCRIPTION: libarchive s vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function...

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...

Security Bulletin: Vulnerabilities in Eclipse jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary Potential vulnerabilities in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...

Security Bulletin: Vulnerability in Spring Core affect watsonx.data

Summary Spring Core is vulnerable to security restriction bypass attacks, to denial of service attacks, and to arbritrary code excution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-1199 DESCRIPTION: Pivotal Spring Security and Spring Framework could allow a remot...

Security Bulletin:Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)

Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...

CVE-2024-9654

CVE-2024-9654 concerns Easy Digital Downloads for WordPress (versions 3.1–3.3.4). The issue is Improper Authorization in verify_guest_email, allowing unauthenticated attackers to view other users’ purchase receipts (which include a download link). Exploitation requires knowledge of another custom...

KLA77556 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory...

CVE-2024-52286

CVE-2024-52286 affects Stirling-PDF prior to 0.32.0. The Merge function uses untrusted file names directly in innerHTML (code starts at Line 24 in merge.js), enabling a self‑injection XSS where a user uploading a file with a crafted name can execute JavaScript in their own browser context. The vu...

PT-2024-34512 · Phpgurukul · Phpgurukul Beauty Parlour Management System

Name of the Vulnerable Software and Affected Versions: Phpgurukul's Beauty Parlour Management System version 1.1 Description: The issue is related to an Insecure Direct Object Reference IDOR vulnerability in the appointment-detail.php file. This vulnerability allows unauthorized access to the...