19 matches found
Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)
Summary: Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE, CVE-2025-48976. Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
EUVD-2022-32376
Malicious code in bioql PyPI...
EUVD-2021-6533
Malicious code in bioql PyPI...
EUVD-2024-0853
Malicious code in bioql PyPI...
com.liferay.faces:liferay-faces-alloy (>=3.0.1-ga2 <=3.0.2-ga3), com.liferay.faces:liferay-faces-bridge-impl (>=3.0.0-ga1 <=3.0.5-ga6) +37 more potentially affected by CVE-2025-43809 via com.liferay.portal:portal-service (>=6.0.2 <=6.0.6)
com.liferay.portal:portal-service MAVEN version =6.0.2, =3.0.1-ga2, =3.0.0-ga1, =3.0.0-ga1, =6.0.2, =6.0.2, =6.0.2, =6.0.2, =6.0.2, =7.7.36, =7.0.0, =1.4.5.1, =0.6.0, =0.7.0, =2.4, =2.4-RC1 - org.aperteworkflow.contrib:liferay-6.0-document-provider =1.1.1 and more Source cves: CVE-2025-43809 Sour...
Linux Distros Unpatched Vulnerability : CVE-2020-2580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.17 and prior. Easily exploitable...
Linux Distros Unpatched Vulnerability : CVE-2022-41999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. A...
PT-2025-33513 · Hcl · Hcl Bigfix Saas Authentication Service
Name of the Vulnerable Software and Affected Versions: HCL BigFix SaaS Authentication Service affected versions not specified Description: HCL BigFix SaaS Authentication Service is affected by a SQL injection issue. The issue allows potential attackers to manipulate SQL queries. Recommendations: ...
CVE-2025-26484
Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service...
CVE-2025-1478
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service...
CVE-2024-50387
CVE-2024-50387 is a SQL-injection vulnerability in QNAP SMB Service affecting multiple QNAP operating system versions. The connected documents confirm the flaw allows remote attackers to inject malicious code, with root causes tied to improper handling of input that enables SQL query manipulation...
PT-2023-21287 · Who · Who
Name of the Vulnerable Software and Affected Versions: WHO versions 1.0.28 through 1.0.32 Description: An issue allows an attacker to cause a denial of service via the SharedPreference files. Recommendations: For versions 1.0.28 through 1.0.32, consider restricting access to the SharedPreference...
PT-2022-24207 · Solarwinds · Solarwinds Sem +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue discloses build and services versions in the server response header. There is no information provided about the estimated number of potential...
CVE-2022-21949
An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue...
Design/Logic Flaw
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1...
Apache Jena Fuseki Cross-Site Scripting Vulnerability
Apache Jena Fuseki is a SPARQL server from the Apache Foundation USA. It can run as an operating system service, as a Java Web application WAR file, and as a standalone server. A cross-site scripting vulnerability exists in Apache Jena Fuseki versions 2.0.0 through 4.0.0, which can be exploited b...
CVE-2021-27622
SAP Internet Graphics Service, versions 7.20, 7.20EXT, 7.53, 7.20EX2, 7.81, allows an unauthenticated attacker who has retrieved an existing system state value to submit a malicious IGS request over a network which, due to insufficient input validation in method CDrawRaster::LoadImageFromMemory, whic...
com.ge.research.semtk:arangoDbService (=2.2.2), com.ge.research.semtk:athenaService (=2.2.2) +136 more potentially affected by CVE-2018-1284 via org.apache.hive:hive-service (>=0.8.0 <=2.3.2)
org.apache.hive:hive-service MAVEN version =0.8.0, =2.2.1, =2.2.1, =2.2.1, =2.2.2 - com.ge.research.semtk:sparqlGraphResultsService =2.2.2 and more Source cves: CVE-2018-1284 Source advisory: OSV:GHSA-RXMR-C9JM-7MM8...
Localize: Numerous open ports/services
Looks like you have numerous open ports that also show service versions. An attacker can leverage this information when trying an attack. Ports should be filtered and banners should be removed/generalized.
nmap -sV www.localize.io
Starting Nmap 6.40-2 http://nmap.org at 2014-04-18 11:08 PDT Stats...