11 matches found
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by remote code execution
Summary: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by remote code execution (CVE-2026-9311, CVE-2026-9330). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affected Products...
CVE-2026-27204
CVE-2026-27204 involves Wasmtime’s WASI host interfaces, where guest code could exhaust host resources due to insufficient limits on resource allocations. Affected versions prior to fixes include 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0. The fixes are released in Wasmtime 24.0.6, 36.0.6, 40.0.4...
CVE-2024-48019
CVE-2024-48019: Apache Doris is affected by a path-traversal vulnerability exploitable via the REST API, allowing admins to read arbitrary files on the server. Connected sources specify affected versions are prior to 2.1.8 and prior to 3.0.3, with upgrades to 2.1.8+ or 3.0.3+ recommended as the ...
CVE-2024-56332
Next.js DoS/DoW vulnerability (CVE-2024-56332) affects Next.js deployments using Server Actions, prior to versions 13.5.8, 14.2.21, and 15.1.2. Attackers can craft requests that leave Server Actions hanging, potentially exhausting hosting resources and raising bills. The issue is mitigated by upg...
UBUNTU-CVE-2023-7158
A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function sliceindices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public...
AZL-32073 CVE-2023-49288 affecting package squid 5.7-5
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a use-after-free bug which can lead to a denial-of-service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
PT-2023-24675 · Unknown · Fast-Xml-Parser
Name of the Vulnerable Software and Affected Versions: fast-xml-parser versions prior to 4.2.4. Description: The issue allows special characters in entity names, which are not escaped or sanitized. This can be abused for denial of service (DoS) attacks by crafting an entity name that results in an...
PT-2022-16919 · Vyper · Vyper
Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.3.2. Description: The return of .returns int128 is not validated to fall within the bounds of int128, which can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, .returns...
PYSEC-2020-134
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
PT-2020-11915 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.7 through 12.8.1. Description: The issue allows for information disclosure under certain group conditions, where group epic information was unintentionally being disclosed. Recommendations: For GitLab versions 11.7 through...
Slackware: Security Advisory (SSA:2007-178-01)
The remote host is missing an update for the...