CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Restriction of XML External Entity Reference

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities...

CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms Information Disclosure

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

CVE-2024-2288

A Cross-Site Request Forgery CSRF vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without thei...

CVE-2025-9122

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework exposes the full server stack trace when errors occur in the GetCdfResource servlet. Affected versions include before 10.2.0.4, specifically 9.3.0.x and 8.3.x. Impact is information disclosure of internal stack d...

EUVD-2017-11911

Malware in sbrugna...

EUVD-2024-27243

Malicious code in bioql PyPI...

mysql: InnoDB unspecified vulnerability (CPU Jul 2025)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

DEBIAN-CVE-2025-58174

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script for example a script element. An...

Grafana 8.5.x < 8.5.21 Multiple Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 8.5.21, or 9.2.x earlier than 9.2.13, or 9.3.x earlier than 9.3.8. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting vulnerability. - A Cross-site Scripting...

CVE-2024-52896

IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...

WordPress Message ticker plugin <= 9.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Message ticker versions = 9.3...

IBM MQ 9.3 < 9.3.0.26 LTS / 9.3 < 9.4 CD / 9.4 < 9.4.0.7 LTS (7178243)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7178243 advisory. - IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being...

CVE-2024-10976

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

PT-2024-13897 · Ibm · Ibm Cics Transaction Gateway For Multiplatforms

Name of the Vulnerable Software and Affected Versions: IBM CICS Transaction Gateway for Multiplatforms versions 9.2 through 9.3 Description: The issue concerns the transmission and storage of authentication credentials by the software, which uses an insecure method. This makes the credentials...

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions 9.3.x prior to 9.3.1, 9.2.x prior to 9.2.3, and 9.1.x prior to 9.1.6, which originates from a low-privileged user being able...

IBM MQ 9.1 < 9.1.0.23 LTS / 9.2 < 9.2.0.27 LTS / 9.3 < 9.3.0.21 LTS / 9.3 < 9.4 CD / 9.4 < 9.4.0.5 LTS (7167208)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7167208 advisory. - IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVE-2024-40681 No...

Security Bulletin: IBM MQ Appliance vulnerable to bypassing security restrictions (CVE-2024-40681)

Summary IBM MQ Appliance has addressed a security bypass vulnerablity. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVSS Base score: 7...

Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)

Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition (CVE-2023-50310 and CVE-2023-50311).

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50311 DESCRIPTION: IBM CICS Transaction Gateway could...