PT-2026-42777

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

Astra Linux - уязвимость в python-idna

A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises from the function’s handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This...

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

K000160557: OpenSSL vulnerability CVE-2025-69418

Security Advisory Description Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes...

Linux Distros Unpatched Vulnerability : CVE-2016-20042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the...

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

CVE-2026-1588

A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.operator.DefaultPluginOperator. The manipulation of the argument path results in path traversal. It...

jshERP path traversal vulnerability

jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “path” in the file /jshERP-boot/plugin/installByPath, which could lead to path traversal...

CVE-2026-1546

A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...

PT-2026-5231

Name of the Vulnerable Software and Affected Versions jishenghua jshERP versions up to 3.6 Description A security issue exists in jishenghua jshERP. The getBillItemByParam function within the com.jsh.erp.datasource.mappers.DepotItemMapperEx component, located in the file...

CVE-2025-15468

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

Luidia eBeam Interactive Suite code-related vulnerabilities

Luidia eBeam Interactive Suite is an interactive software platform developed by Luidia Corporation. Version 3.6 of the eBeam Interactive Suite contains a code vulnerability. This vulnerability stems from the eBeam Stylus Driver service having a service path that lacks quotes, which may allow loca...

Astra Linux - уязвимость в openssl

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVE-2025-14847

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to 8.2.3,...

EUVD-2020-7093

Malware in sbrugna...

EUVD-2022-3932

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-20802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner...

Linux Distros Unpatched Vulnerability : CVE-2020-7929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects Mongo...