Lucene search
+L

6433 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/03 7:18 a.m.27 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

9.8CVSS7.5AI score0.02474EPSS
Exploits7Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 7:8 p.m.12 views

CVE-2026-48595 Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

8.2CVSS5.8AI score0.00396EPSS
Exploits2References4
NVD
NVD
added 2026/06/02 5:16 p.m.16 views

CVE-2024-42206

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 3:57 p.m.10 views

CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS5.8AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:57 p.m.39 views

CVE-2024-42206 HCL iReflection Use of Third party vulnerable and outdated components issue was detected in the web application.

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 3:57 p.m.18 views

CVE-2024-42206

Technical details are not publicly available in the provided documents. Monitor for updates on affected components, root cause, and remediation.

3.1CVSS5.8AI score0.00151EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:17 p.m.12 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, axios-1.13.5.tgz, protobufjs-7.3.2.tgz and axios-1.15.0.tgz which are vulnerable to CVE-2026-34073, CVE-2026-39892, CVE-2025-62718, CVE-2026-40175, PSIRT-WS-2026-0004, CVE-2026-41242, CVE-2026-42033,...

7.5CVSS6.2AI score0.00808EPSS
Exploits8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45793

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application...

3.1CVSS5.8AI score0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

HCL iReflection 安全漏洞

HCL iReflection is a IBM i system access and terminal emulation software developed by the Indian company HCL. HCL iReflection has a security vulnerability, which stems from the presence of third-party vulnerable and outdated components within the web application...

3.1CVSS5.3AI score0.00151EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview timmytuffknuckles3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview backupgenuine-updated is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generat...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden218 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview ishowfeet14 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview ishowfeet12 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden213 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.19 views

Malicious Package

Overview abuden210 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview backup3-ff is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/29 6:7 p.m.41 views

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

6.6AI score
Exploits0
EUVD
EUVD
added 2026/05/29 12:11 p.m.16 views

EUVD-2026-33283

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, that allows an unauthenticated remote attacker to cause a denial of service DoS by sending HTTP POST requests to the ‘/api/migration’ endpoint. This request triggers a failure that halts critical processes,...

8.7CVSS5.9AI score0.00351EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 4:3 p.m.24 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses path-to-regexp-0.1.12.tgz, mlflow-3.9.0rc0-py3-none-any.whl, lodash-4.17.23.tgz, tomcat-embed-core-10.1.53.jar, spring-security-config-6.5.9.jar, Mako-1.3.8-py3-none-any.whl, uuid-11.1.0.tgz, spring-boot-3.5.13.jar, mako-1.3.11-py3-none-any.whl and...

8.7CVSS7.5AI score0.21691EPSS
Exploits8Affected Software1
Rows per page
Query Builder