
29 matches found

IBM Security Bulletins
added 2026/05/27 4:3 p.m. | 18 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses path-to-regexp-0.1.12.tgz, mlflow-3.9.0rc0-py3-none-any.whl, lodash-4.17.23.tgz, tomcat-embed-core-10.1.53.jar, spring-security-config-6.5.9.jar, Mako-1.3.8-py3-none-any.whl, uuid-11.1.0.tgz, spring-boot-3.5.13.jar, mako-1.3.11-py3-none-any.whl and...

CVSS: 8.7 | AI score: 7.5 | EPSS: 0.01399
Exploits: 7 | Affected Software: 1
IBM Security Bulletins
added 2026/04/27 7:43 a.m. | 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.18428
Exploits: 9 | Affected Software: 1
CNNVD
added 2026/04/10 12:0 a.m. | 2 views

Axios Code Issue Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.0 had code vulnerabilities. These vulnerabilities stemmed from a specific Gadget attack chain, which could potentially upgrade prototype pollution in any third-party dependencies into remote code execution or...

CVSS: 4.8 | AI score: 7.6 | EPSS: 0.00063
Exploits: 5 | References: 9
IBM Security Bulletins
added 2026/04/01 7:22 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - IoT Component uses assertj-core-3.27.6.jar, minimatch-3.1.2.tgz, flask-3.1.2-py3-none-any.whl and werkzeug-3.1.5-py3-none-any.whl third party dependencies which is vulnerable to CVE-2026-24400, CVE-2026-26996, CVE-2026-27205 and CVE-2026-27199. This bulletin...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00029
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2026/02/27 9:44 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final , github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...

CVSS: 9.8 | AI score: 7 | EPSS: 0.0044
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/02/02 4:24 a.m. | 14 views

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary The IBM Maximo Application Suite AI-Service component uses "langchaincore-0.3.29-py3-none-any.whl, langchaincore-0.3.80-py3-none-any.whl, jsonpath-plus-8.1.0.tgz, mlflow-2.19.0-py3-none-any.whl, pg8000-1.31.2-py3-none-any.whl" which are vulnerable to "CVE-2025-68664, CVE-2024-21534,...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.92707
Exploits: 15 | Affected Software: 1
IBM Security Bulletins
added 2026/02/02 4:23 a.m. | 12 views

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary The IBM Maximo Application Suite AI-Service component uses "base-x-4.0.0.tgz, body-parser-1.20.2.tgz, cross-spawn-7.0.3.tgz, glob-10.4.2.tgz, path-to-regexp-0.1.7.tgz, qs-6.13.0.tgz, qs-6.14.0.tgz, qs-6.5.3.tgz, urllib3-2.6.2-py3-none-any.whl" which are vulnerable to "CVE-2025-27611,...

CVSS: 8.9 | AI score: 6.6 | EPSS: 0.01387
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2026/02/02 4:22 a.m. | 8 views

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary The IBM Maximo Application Suite AI-Service component uses "FlaskCors-4.0.2-py2.py3-none-any.whl, langchaincommunity-0.3.3-py3-none-any.whl, langchaincore-0.3.29-py3-none-any.whl, langchaintextsplitters-0.3.5-py3-none-any.whl, pdfminersix-20250327-py3-none-any.whl,...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.01922
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
added 2025/12/29 5:44 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "bcpkix-jdk18on-1.78.1.jar, golang.org/x/net/html v0.26.0 v0.33.0 , java 17.0.13 11.0.25, github.com/docker/docker v27.3.1 v25.0.6, github.com/go-viper/mapstructure/v2, golang.org/x/net/proxy v0.33.0,github.com/ulikunitz/xz v0.5.11 " which are vulnerable ...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.002
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2025/11/28 8:46 a.m. | 16 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "serve-static-1.15.0.tgz, cookie-0.6.0.tgz, send-0.18.0.tgz, express-4.19.2.tgz, requests v2.25.1, idna v2.1" which are vulnerable to "CVE-2024-43800, CVE-2024-47764, CVE-2024-43799, CVE-2024-43796, CVE-2023-32681, CVE-2024-35195, CVE-2024-3651". This...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.05933
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2025/10/07 7:42 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

CVSS: 9.1 | AI score: 6.3 | EPSS: 0.00112
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/04/07 7:17 p.m. | 47 views

Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT uses pip-22.3.1.dist-info, zipp-3.18.1.dist-info, jinja2-3.1.4.dist-info, jinja2-3.1.4.dist-info, pip-20.2.4.dist-info, cryptography-44.0.0.dist-info, urllib3-1.26.18.dist-info, ansiblecore-2.15.11.dist-info, ansiblecore-2.15.11.dist-info,...

CVSS: 6.5 | AI score: 7 | EPSS: 0.05933
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
added 2025/02/06 5:30 a.m. | 27 views

Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Asset Data Dictionary uses...

CVSS: 9.2 | AI score: 8 | EPSS: 0.00997
Exploits: 1 | Affected Software: 1
OSV
added 2024/05/03 7:34 p.m. | 20 views

GHSA-C3HM-HXWF-G5C6 vodozemac has degraded secret zeroization capabilities

Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag while vodozemac disabled the default feature set. Impact The degraded...

CVSS: 2.5 | AI score: 4 | EPSS: 0.00023
Exploits: 0 | References: 5
Cvelist
added 2024/05/03 9:52 a.m. | 16 views

CVE-2024-34063 Degraded secret zeroization capabilities in vodozemac

vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies the Dalek crates, which moved secret zeroization capabilities behind a feature flag and...

CVSS: 2.5 | AI score: 3.9 | EPSS: 0.00023
Exploits: 0 | References: 2
Qualys Blog
added 2023/09/27 5:20 p.m. | 24 views

Mitigating Risk with Custom First-Party Software and Application Components: A CISOs’ Guide

What is First-Party Software Anyway? First-party software, unlike off-the-shelf ‘Third-Party’ software, is custom open-source software OSS and applications created by organizations to stitch together existing software to meet custom business needs. Nearly every company today uses some form of...

AI score: 7.2
Exploits: 0
Adobe
added 2023/04/11 12:0 a.m. | 35 views

APSB23-27 : Security update available for Adobe Dimension

Adobe has released an update for Adobe Dimension. This update addresses critical and important vulnerabilities in Adobe Dimension including third party dependencies. Successful exploitation could lead to memory leak and arbitrary code execution in the context of the current user...

AI score: 6.8
Exploits: 0 | Affected Software: 1
Adobe
added 2023/01/10 12:0 a.m. | 45 views

APSB23-10 : Security update available for Adobe Dimension

Adobe has released an update for Adobe Dimension. This update addresses critical and important vulnerabilities in Adobe Dimension and third party dependencies. Successful exploitation could lead to memory leak and arbitrary code execution in the context of the current user...

AI score: 6.5
Exploits: 0 | Affected Software: 1
The Hacker News
added 2022/11/25 11:15 a.m. | 42 views

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk. EFI Development Kit, aka EDK, is an open source implementation of the Unified Extensible Firmware Interfac...

AI score: 7.3
Exploits: 0
GithubExploit
added 2022/10/23 1:42 p.m. | 718 views

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 aka text4shell PoC for recently discovered vu...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.94251
Exploits: 41