Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jw...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework [CVE-2025-41249]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework, due to an issue where the annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python [CVE-2025-4435]

Summary IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python, due to an issue with 'TarFile.errorlevel = 0 ' that causes filtered members to be skipped and not extracted CVE-2025-4435. Python is used in our speech service runtimes. This vulnerabilitiy has been...

EUVD-2009-3528

Malware in sbrugna...

EUVD-2015-5175

Malware in sbrugna...

EUVD-2020-11846

Malware in sbrugna...

Imprivata Enterprise Access Management 授权问题漏洞

Imprivata Enterprise Access Management is an identity and access management system from Imprivata Corporation, USA. An authorization issue vulnerability exists in Imprivata Enterprise Access Management versions 5.3 through 24.2, which stems from insufficient handling of keyboard shortcuts and cou...

CVE-2014-0468

Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories SVN, Git, Bzr.... This issue affects fusionforge: before 5.3+20140506...

CVE-2025-46493 WordPress Crossword Compiler Puzzles <= 5.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3...

CVE-2023-29868

Zammad 5.3.x Fixed in 5.4.0 is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions...

CVE-2021-43098

A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function...

CVE-2025-1705 tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the tdajaxgetviews AJAX action. This makes it possible for unauthenticated attackers to inject malicious web...

WordPress Just Writing Statistics plugin <= 5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Just Writing Statistics versions = 5.3...

PT-2024-11700 · WordPress · Limit Login Attempts

Name of the Vulnerable Software and Affected Versions: Limit Login Attempts Spam Protection plugin for WordPress versions up to, and including, 5.3 Description: The issue arises from insufficient restrictions on where the IP Address information is being retrieved for request logging and login...

Acronis Cyber Infrastructure Default Password Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'Acronis Cyber Infrastructure default password remote code execution', 'Description' = %q Acronis Cyber Infrastructure ACI is an ...

RHSA-2024:4118 Red Hat Security Advisory: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement update

Bulletin has no description...

CVE-2024-0643

Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise...

PT-2024-15712 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic product version 5.3 Description: The issue allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise. This is due to an unrestricted upload of...

strongSwan 5.3.x < 5.9.12 RCE Vulnerability

strongSwan is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-28677 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions prior to 5.3 Description: The issue allows an authenticated, local attacker to exploit a Restricted Shell Bypass vulnerability by authenticating to the device CLI and issuing certain commands. Recommendations: For versions...