CVE-2025-36114 IBM QRadar SOAR Plugin App path traversal
IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2025-33090
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption...
PT-2025-33914 · Rentsyst · Rentsyst
Name of the Vulnerable Software and Affected Versions: Rentsyst versions through 2.0.100 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting XSS. Recommendations: Update Rentsyst to a version later than...
Directus security vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 10.8.0 through 11.9.3 that stems from a file update mechanism that allows unauthenticated participants to modify...
PT-2025-33963 · WordPress · Wp Discord Post Plus – Supports Unlimited Channels
Name of the Vulnerable Software and Affected Versions: WP Discord Post Plus – Supports Unlimited Channels versions not specified through 1.0.2 Description: A Cross-Site Request Forgery CSRF issue exists in WP Discord Post Plus – Supports Unlimited Channels, allowing attackers to perform actions o...
PT-2025-34012 · Quanticalabs · Quanticalabs Cost Calculator
Name of the Vulnerable Software and Affected Versions: QuanticaLabs Cost Calculator versions through 7.4 Description: The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, specifically a Stored Cross-site Scripting XSS issue. This allows for the...
SUSE CVE-2025-54881
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
CVE-2025-54881 Mermaid improperly sanitizes sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
PT-2025-33816
Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...
CVE-2025-33100
IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
CVE-2024-49827
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering...
CVE-2025-1759
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVE-2025-27909
IBM Concert Software versions 1.0.0–1.1.0 are affected by a cross-origin resource sharing (CORS) vulnerability. The issue arises because the software does not properly restrict allowed domains, potentially enabling an attacker to perform privileged actions within the application. Public sources d...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary: There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)
Summary: There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
BIT-POSTGRESQL-2025-8714 PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected...
PT-2025-33650 · Ibm · Ibm Storage Virtualize
Name of the Vulnerable Software and Affected Versions: IBM Storage Virtualize versions 8.4 through 8.7 Description: An authenticated user may be able to escalate their privileges within an SSH session due to incorrect authorization checks when accessing resources. Recommendations: IBM Storage...
Linux Distros Unpatched Vulnerability : CVE-2024-52303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur...
Linux Distros Unpatched Vulnerability : CVE-2022-3066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions...