
142 matches found

IBM Security Bulletins
added 2026/04/21 12:1 p.m. | 1 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).

Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...

7.5 CVSS | 5.6 AI score | 0.00021 EPSS
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/03/20 4:47 p.m. | 4 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-12635 and CVE-2025-14914).

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-12635 and CVE-2025-14914. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTIO...

7.6 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2026/03/13 8:11 p.m. | 1 views

CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms Information Disclosure

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

5.1 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:34 a.m. | 4 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6.1 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:33 a.m. | 4 views

CVE-2017-18176

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...

5.4 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:32 a.m. | 6 views

CVE-2017-18177

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1...

5.4 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits: 1 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2015-1340

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.0143 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-9310

Malware in sbrugna...

5.4 CVSS | 6 AI score | 0.00032 EPSS
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-25027

Malicious code in bioql PyPI...

5.3 CVSS | 6.4 AI score | 0.00063 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-9785

Malicious code in bioql PyPI...

7.8 CVSS | 7.6 AI score | 0.00449 EPSS
Exploits: 0 | References: 4
NVD
added 2025/09/09 5:15 p.m. | 2 views

CVE-2025-49430

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through <= 10.1...

7.2 CVSS | 0.00054 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/09/09 4:26 p.m. | 7 views

CVE-2025-49430 WordPress Ultimate Video Player Plugin <= 10.1 - Server Side Request Forgery (SSRF) Vulnerability

Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player fwduvp allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through <= 10.1...

7.2 CVSS | 0.00054 EPSS
Exploits: 0 | References: 1
NVD
added 2025/08/15 4:15 p.m. | 2 views

CVE-2025-49432

Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1...

5.3 CVSS | 0.00063 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/15 3:13 p.m. | 3 views

CVE-2025-49432 WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1...

5.3 CVSS | 5.9 AI score | 0.00063 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2025/06/04 12:0 a.m. | 3 views

Grafana 10.2.x < 10.2.4 Incorrect Authorization

According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by an incorrect authorization...

5.4 CVSS | 7.4 AI score | 0.00219 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 5:39 a.m. | 2 views

CVE-2017-18175

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration aka Templateconfiguration, as demonstrated by the src attribute of an IMG element. This is fixed in 10.1...

5.4 CVSS | 6.1 AI score | 0.00032 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2025/05/21 12:0 a.m. | 1 views

PT-2025-22401 · Hypr · Hypr Passwordless

Name of the Vulnerable Software and Affected Versions: HYPR Passwordless versions prior to 10.1 Description: The issue is related to an Improper Link Resolution Before File Access, also known as 'Link Following', which allows Privilege Escalation in HYPR Passwordless on Windows. Recommendations:...

5.7 CVSS | 6.4 AI score | 0.00121 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/05/14 12:0 a.m. | 2 views

Zimbra Collaboration Security Vulnerability

Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from insufficient HTML content...

6.1 CVSS | 5.7 AI score | 0.0028 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/04/02 5:4 p.m. | 14 views

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

2.7 CVSS | 7 AI score | 0.00199 EPSS
Exploits: 0 | References: 1
OSV
added 2025/03/31 4:32 p.m. | 2 views

CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

2.7 CVSS | 6.7 AI score | 0.00199 EPSS
Exploits: 0 | References: 3