15 matches found
Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)
Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...
CVE-2026-45701
Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset token and API key generation uses a weak cryptographic hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6...
CVE-2026-42682 WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...
CVE-2026-22597 Ghost has SSRF via External Media Inliner
Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...
CVE-2022-3066
creationtimestamp | type | source
---|---|---
2025-05-13 16:30:37+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16158...
Moderate: Red Hat Bug Fix Advisory: Red Hat build of Apicurio Registry 3.0.6 Beta OpenShift images
3.0.6 Beta release of Red Hat build of Apicurio Registry. This advisory makes available an update to the Red Hat build of Apicurio Registry images...
UBUNTU-CVE-2024-49767
Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but effective...
Leantime Systems Leantime Security Vulnerability
Leantime Systems Leantime is an open source PHP and MySQL based project management system from Leantime Systems, Inc. A security vulnerability exists in Leantime Systems Leantime version 3.0.6, which stems from vulnerability to cross-site request forgery (CSRF) attacks and allows an attacker to...
Weston Embedded uC-TCP-IP Security Vulnerability
Weston Embedded uC-TCP-IP is a TCP/IP stack for embedded systems from Weston Embedded. A security vulnerability exists in Weston Embedded uC-TCP-IP version v3.06.01 that stems from a denial of service vulnerability in the ICMP and ICMPv6 parsing functions...
PT-2023-35497 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.306 Description: The issue concerns a potential NULL dereference in the pinctrl single component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-26953 · Siemens · Simcenter Star-Ccm+
Name of the Vulnerable Software and Affected Versions: Simcenter STAR-CCM+ versions prior to V2306 Description: A vulnerability has been identified in the affected application, where it improperly assigns file permissions to installation folders. This could allow a local attacker with an...
CVE-2022-30601
creationtimestamp | type | source
---|---|---
2022-08-19 00:23:03+00:00 | seen | https://t.me/cibsecurity/48416
2026-03-09 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0252/...
CVE-2022-30688
creationtimestamp | type | source
---|---|---
2022-05-17 22:27:47+00:00 | seen | https://t.me/cibsecurity/42852...
AZL-44928 CVE-2020-11760 affecting package OpenEXR 2.3.0-6
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp...
CVE-2018-1393
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378...