CVE-2026-3621 IBM WebSphere Application Server Liberty is affected by identity spoofing

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured...

PraisonAI 信息泄露漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained an information leakage vulnerability. This vulnerability stemmed from the AgentOS deployment platform not implementing authentication, and the default CORS...

GHSA-762R-27W2-Q22J Avo has a XSS vulnerability on `return_to` param

Description A reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is executed when he clicks a dynamically generated navigation button. Impact This...

CVE-2023-33247

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...

Talend Data Catalog 安全漏洞

Talend Data Catalog is a tool that combines data cataloging and metadata management from Talend. It is used to connect data from platforms, databases, and analytic tools to generate a holistic view of the information supply chain in a language everyone can understand. A security vulnerability...