31 matches found
CVE-2026-34652
Adobe Commerce (Magento) versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. The issue is caused by a vulnerable third-party comp...
[R2] Stand-alone Security Patch Available for Tenable Security Center Versions 6.5.1, 6.6.0, 6.7.2 and 6.8.0: SC202604.1
Aaron Roy, Tue, 04/07/2026 - 11:35. Security Center leverages third-party software to help provide underlying functionality. A third-party component PostgreSQL was found to contain...
EUVD-2022-0062
Malicious code in bioql PyPI...
EUVD-2024-37377
Malicious code in bioql PyPI...
EUVD-2022-0393
Malicious code in bioql PyPI...
EUVD-2022-0058
Malicious code in bioql PyPI...
EUVD-2024-51046
Malicious code in bioql PyPI...
EUVD-2024-34318
Malicious code in bioql PyPI...
EUVD-2024-34304
Malicious code in bioql PyPI...
Third-Party Dependency in Crowd Data Center
Note: Aligning with our security bug fix policy (https://www.atlassian.com/trust/security/bug-fix-policy), this vulnerability has been fixed in our latest release only. This Critical severity Third-Party Dependency vulnerability was introduced in version 6.1.1 of Crowd Data Center. This Third-Party...
Improper Authorization org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, and 10.6.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...
RCE (Remote Code Execution) com.typesafe.akka:akka-actor_2.11 Dependency in Crowd Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticat...
CVE-2024-11157
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...
CVE-2024-12672
Rockwell Automation Arena® contains use-after-free and out-of-bounds write vulnerabilities in processing DOE files, allowing a threat actor to achieve arbitrary code execution when a legitimate user runs crafted DOE content. The issues originate from improper memory handling in the affected code ...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software
Summary: Various 3rd party software packages are used by the underlying platform of IBM Cloud Pak for Data. These packages are used for the building of binaries, installation of software and within the provided services. The fixed CVEs are listed below. Vulnerability Details: CVEID: CVE-2022-23806...
15 vulnerabilities discovered in software development kit for wireless routers
Cisco Talos Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...
CVE-2023-2713 IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform.
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15...
LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults
LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...
Democritus Project d8s-grammars Code Execution Vulnerability
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project version 0.1.0, which stems from a potential code execution backdoor in d8s-grammars inserted by a third party,...
[R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability
Arnie Cabral, Thu, 03/31/2022 - 14:27. Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components OpenSSL was found to contain vulnerabilities, and an updated...