Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.
Summary: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions...
CVE-2025-68147
Open Source Point of Sale (opensourcepos) is a web-based point of sale application written in PHP using the CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Return Policy" configuration field. The application doe...
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
Store Configuration by Server Based Discovery Fails
When attempting to configure Receiver Stores by entering the address of the StoreFront server in the Email/Server Based Discovery dialog, the following error appears: "Your account cannot be added using this server address. Make sure you entered it correctly. You may need to enter your email address...
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
Authentication flaw
vRealize Operations for Horizon Adapter 6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1 has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypa...
CVE-2020-3944
CVE-2020-3944 concerns VMware vRealize Operations for Horizon Adapter. The issue is an improper trust store configuration that leads to an authentication bypass. An unauthenticated remote attacker with network access to vRealize Operations, while the Horizon Adapter is running, could bypass adapt...
VMSA-2020-0003: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities
Advisory ID: VMSA-2020-0003; CVSSv3 Range: 5.3-9.0; Issue Date: 2020-02-18; Updated On: 2020-02-18 (Initial Advisory); CVEs: CVE-2020-3943, CVE-2020-3944, CVE-2020-3945; Synopsis: vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities CVE-2020-3943, CVE-2020-3944,...
PRODSECBUG-2321: Filter extension bypass via crafted store configuration keys
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...
How to Configure a Store Using PowerShell
This article lists and explains the commands to create and configure a store using PowerShell...
Input validation
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user...