394 matches found
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-26996)
Summary IBM Security SOAR uses an older version of the minimatch component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.1 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION:...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-13465)
Summary IBM Security SOAR uses an older version of the Lodash component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-24001)
Summary IBM Security SOAR uses an older version of the jsdiff component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff ...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-1188)
Summary IBM Security SOAR uses an older version of the OMR component in OpenJ9 JVM that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTIO...
CVE-2018-1000203
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f latest release as of Sept 2017 contains an intentional backdoor vulnerability in the function zerofeetransaction that can result in theft of Soar Coins by the "onlycentralAccount" Soar Labs after...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-57352)
Summary IBM Security SOAR uses an older version of min-document that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.8.1 or later. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION...
EUVD-2025-201881
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
CVE-2025-13428 RCE in SecOps SOAR server via user-provided Python packages
A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution RCE in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containi...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-9670)
Summary IBM Security SOAR uses an older version of the turndown javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.8.0 Vulnerability Details CVEID:CVE-2025-9670 DESCRIPTION...
Security Bulletin: Due to the use of Swagger UI, IBM Security SOAR is vulnerable to spoofing attacks..
Summary IBM Security SOAR uses Swagger-UI internally. CVE-2025-25031 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-7783)
Summary IBM Security SOAR uses an older version of the form-data javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.7.1 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTIO...
Security Bulletin: Due to use of Java SE, IBM Security SOAR is affected by unspecified vulnerabilities (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 & CVE-2025-30754)
Summary IBM Security SOAR uses Java SE library internally. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracl...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-5889)
Summary IBM Security SOAR uses an older version of brace-expansion that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.7.1 or later. Vulnerability Details CVEID:CVE-2025-5889...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-58754)
Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address this issue. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When...
EUVD-2020-25880
Malware in sbrugna...
EUVD-2020-26111
Malware in sbrugna...
EUVD-2020-25882
Malware in sbrugna...
EUVD-2018-1876
Malware in sbrugna...
EUVD-2021-16259
Malware in sbrugna...
EUVD-2025-27633
Malicious code in bioql PyPI...