Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details: CVEID: CVE-2025-27789 DESCRIPTION: Babel i...
Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os
CVE-2026-0257 - GlobalProtect portal Authentication Bypass...
PT-2026-41961
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...
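The failure mode in this entry, a server that writes its startup configuration, TLS key password included, to an INFO log line, is not specific to chaincode. The block below is an added example and not Hyperledger Fabric's code: the config struct, its field names and the log lines are assumptions. It shows the unsafe pattern beside a redacting Stringer, and the check an operator can run over collected chaincode server logs to confirm whether a known secret appears verbatim.

```go
package main

import (
	"bytes"
	"fmt"
	"log"
	"strings"
)

// ccServerConfig stands in for the settings a chaincode-as-a-service server
// is started with. The field names are assumptions for this example, not
// Fabric's own types.
type ccServerConfig struct {
	CCID        string
	Address     string
	KeyPath     string
	CertPath    string
	KeyPassword string // secret: must never reach the log
}

// String makes the default %v rendering safe: fmt consults the Stringer before
// dumping fields, so a careless logger.Printf("%v", cfg) no longer leaks the
// password. Only the non-secret operational fields are printed.
func (c ccServerConfig) String() string {
	return fmt.Sprintf("{CCID:%s Address:%s KeyPath:%s CertPath:%s KeyPassword:[REDACTED]}",
		c.CCID, c.Address, c.KeyPath, c.CertPath)
}

// rawStartupLine is the unsafe pattern: every config field, password included,
// formatted into an INFO line.
func rawStartupLine(c ccServerConfig) string {
	return fmt.Sprintf("INFO starting chaincode server ccid=%s addr=%s key=%s cert=%s keypass=%s",
		c.CCID, c.Address, c.KeyPath, c.CertPath, c.KeyPassword)
}

// safeStartupLine logs the same operational facts through the redacting Stringer.
func safeStartupLine(c ccServerConfig) string {
	return fmt.Sprintf("INFO starting chaincode server %v", c)
}

// startupLog writes both lines to an in-memory logger and returns the captured
// output, standing in for the log file an attacker would read.
func startupLog(c ccServerConfig) string {
	var buf bytes.Buffer
	logger := log.New(&buf, "", 0) // no timestamp prefix, keeps lines predictable
	logger.Println(rawStartupLine(c))
	logger.Println(safeStartupLine(c))
	return buf.String()
}

// leaksSecret is the operator-side check: scan collected log output for the
// secret verbatim. It returns the 1-based line number of the first hit.
func leaksSecret(logOutput, secret string) (int, bool) {
	if secret == "" {
		return 0, false
	}
	for i, line := range strings.Split(logOutput, "\n") {
		if strings.Contains(line, secret) {
			return i + 1, true
		}
	}
	return 0, false
}

func main() {
	// Constructed sample configuration; the password is a placeholder.
	cfg := ccServerConfig{
		CCID:        "mycc:1",
		Address:     "0.0.0.0:9999",
		KeyPath:     "/tls/key.pem",
		CertPath:    "/tls/cert.pem",
		KeyPassword: "hunter2",
	}
	out := startupLog(cfg)
	fmt.Print(out)
	if line, leaked := leaksSecret(out, cfg.KeyPassword); leaked {
		fmt.Printf("key password leaked on log line %d\n", line)
	} else {
		fmt.Println("no leak found")
	}
}
```

The Stringer approach protects against accidental %v dumps of the whole struct; it does not help when code formats the secret field explicitly, which is why the scan over collected logs is the check worth keeping in a deployment pipeline.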
DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Service Management Data Center and Server
This High severity DoS (Denial of Service) vulnerability, known as CVE-2024-57699, was introduced in versions 5.12.29, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center and...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2024-25621)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25621 advisory. - containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0...
Qnap QTS and QuTS hero NULL Pointer Dereference (CVE-2025-52424)
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
PT-2026-1861
Name of the Vulnerable Software and Affected Versions Axtion ODISSAAS ODIS version 1.8.4 Description A DLL hijacking issue exists in Axtion ODISSAAS ODIS version 1.8.4. This allows attackers to execute arbitrary code by utilizing a specially crafted DLL file. The vulnerability involves the...
PT-2026-1776
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description A flaw exists in Sangfor Operation and Maintenance Management System that allows for remote operating system command injection. This issue stems from the...
EUVD-2025-204961
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows users with application/service management permissions to execute...
Debian dla-4374 : pdfminer-data - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4374 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4374-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/...
PT-2025-45158
Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3 Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated attackers can inject arbitrary web scripts or HTML through the chat message input field. This...
CVE-2025-30277
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central...
PT-2025-14745 · WordPress · Getbookingswp
Name of the Vulnerable Software and Affected Versions: GetBookingsWP versions 1.1.27 and earlier Description: The issue is related to a Missing Authorization vulnerability in the GetBookingsWP plugin, which allows exploitation of incorrectly configured access control security levels...
PT-2025-14739 · Pixelgrade · Category Icon
Name of the Vulnerable Software and Affected Versions: Category Icon versions through 1.0.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the pixelgrade Category Icon...
PT-2025-14259
Name of the Vulnerable Software and Affected Versions WebinarPress versions 1.33.27 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations For versions...
Advisory ROSA-SA-2025-2782
Software: c-ares 1.13.0 OS: ROSA Virtualization 3.0 package_evr_string: c-ares-1.13.0-11.rv30 CVE-ID: CVE-2024-25629 BDU-ID: 2024-01708 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ares__read_line() function of the c-ares asynchronous DNS query library is related to an operation exceeding buffer...
PT-2025-7858
Name of the Vulnerable Software and Affected Versions Jürgen Müller Easy Quotes versions 1.2.2 and earlier Description The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command...
PT-2025-7179 · Prezi · Prezi Embedder
Name of the Vulnerable Software and Affected Versions: Prezi Embedder versions prior to 2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
PT-2025-6282 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Adobe Illustrator versions 29.1, 28.7.3 and earlier Description: The issue is a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio...
PT-2025-6240 · Ivanti · Ivanti Connect Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.6; Ivanti Policy Secure versions prior to 22.7R1.3 Description: The issue allows a remote unauthenticated attacker to obtain admin privileges. It requires user interaction. Recommendations: For...