
24 matches found

IBM Security Bulletins
added 4 days ago, 7 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by command injection.

Summary: glob-10.4.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64756. Vulnerability Details: CVEID: CVE-2025-64756. DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command...

CVSS 7.5 | AI score 6.5 | EPSS 0.03026
Exploits: 1 | Affected Software: 1

EUVD
added 2026/06/10 12:31 a.m., 8 views

EUVD-2026-35896

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

CVSS 6.1 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in qtimageformats-opensource-src

When loading a specially crafted ICNS format image file in QImage, it will cause a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This issue has been fixed in versions 6.5.10, 6.8.5, and 6.9.1...

CVSS 5.5 | AI score 5.7 | EPSS 0.00203
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/22 6:30 a.m., 5 views

cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.0 <=3.3.2.2), cn.herodotus.engine:oauth2-core (>=3.3.0.0 <=3.3.2.2) +249 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.3.0 <=6.3.10)

org.springframework.security:spring-security-oauth2-jose MAVEN version =6.3.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.1 and more Source cves: CVE-2026-22748 Source advisory:...

CVSS 6.5 | AI score 5.8 | EPSS 0.00203
Exploits: 0

ATTACKERKB
added 2026/01/16 1:2 p.m., 2 views

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX. This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVSS 9.2 | AI score 5.3 | EPSS 0.0039
Exploits: 0 | References: 2 | Affected Software: 1

vulnersOsv
added 2025/06/19 4:19 p.m., 5 views

com.farao-community.farao:csa-runner-api (>=1.3.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.3.1 <=2.6.1) +97 more potentially affected by CVE-2025-48059 via com.powsybl:powsybl-iidm-criteria (>=6.3.0 <=6.7.1)

com.powsybl:powsybl-iidm-criteria MAVEN version =6.3.0, =1.3.1, =1.3.1, =1.18.0, =1.18.0, =1.4.0, =1.6.0, =1.12.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.24.0, =1.6.2, =1.13.0 and more Source cves: CVE-2025-48059 Source advisory:...

CVSS 6.9 | AI score 5.8 | EPSS 0.00485
Exploits: 0

NVD
added 2025/06/05 6:15 a.m., 8 views

CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

CVSS 5.5 | EPSS 0.00203
Exploits: 0 | References: 2

OSV
added 2025/06/05 6:15 a.m., 2 views

UBUNTU-CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

CVSS 5.5 | AI score 7.1 | EPSS 0.00203
Exploits: 0 | References: 6

vulnersOsv
added 2025/03/20 6:31 a.m., 6 views

ai.driftkit:driftkit-chat-assistant-framework (>=0.5.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +3203 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.3.0 <=6.3.7)

org.springframework.security:spring-security-crypto MAVEN version =6.3.0, =0.5.0, =0.6.0, =0.5.0, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =0.8.4, =cloud-0.1, =cloud-0.3 and more Source cves: CVE-2025-22228 Source advisory: OSV:GHSA-MG83-C7GQ-RV5C...

CVSS 7.4 | AI score 7.5 | EPSS 0.00522
Exploits: 0

vulnersOsv
added 2025/03/12 3:32 p.m., 6 views

com.qwlabs.doraemon:task-queue (>=0.3.0 <=0.3.37), io.apicurio:apicurio-registry-app (>=3.0.4 <=3.0.6) +93 more potentially affected by CVE-2025-2240 via io.smallrye:smallrye-fault-tolerance-core (>=6.3.0 <=6.4.1)

io.smallrye:smallrye-fault-tolerance-core MAVEN version =6.3.0, =0.3.0, =3.0.4, =3.0.4, =3.0.4, =3.0.4, =0.34.0, =4.0.2, =4.0.2, =4.0.2, =3.10.0, =3.10.0, =6.3.0, =6.3.0, =6.3.0, =6.3.0, =6.4.1 and more Source cves: CVE-2025-2240 Source advisory:...

CVSS 7.5 | AI score 7.1 | EPSS 0.00908
Exploits: 0

CNNVD
added 2024/12/13 12:0 a.m., 3 views

WordPress plugin Awesome Support security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 6.5 | AI score 8.4 | EPSS 0.00584
Exploits: 0 | References: 1

IBM Security Bulletins
added 2024/11/12 5:46 a.m., 23 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is uses spring-web-6.0.21.jar which is vulnerable to denial of service

Summary: IBM Sterling Connect:Direct Web Services uses VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. Vulnerability Details: CVEID: CVE-2024-38809. DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by...

CVSS 5.3 | AI score 6.8 | EPSS 0.00858
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2023/02/16 12:0 a.m., 1 views

PT-2023-3052 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.1 through 7.0.1; FortiWeb version 6.2; FortiWeb version 6.3.0 through 6.3.19; FortiWeb version 6.4. Description: A heap-based buffer overflow in FortiWeb allows an attacker to escalate privileges via specifically crafted...

CVSS 7.8 | AI score 8.1 | EPSS 0.00192
Exploits: 0 | References: 6

CNNVD
added 2023/02/16 12:0 a.m., 19 views

Fortinet FortiWeb path traversal vulnerability

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists in...

CVSS 5.3 | AI score 5.1 | EPSS 0.00474
Exploits: 0 | References: 3

vulnersOsv
added 2022/11/27 12:30 a.m., 2 views

@bouzuya/mr-jums (>=0.2.0 <=0.9.1), @deansel/latte (=0.1.2-beta.1) +77 more potentially affected by CVE-2022-24999 via qs (>=6.3.0 <=6.3.1)

qs NPM version =6.3.0, =0.2.0, =1.0.0-alpha.7, =0.0.1-alpha.1, =0.0.1-dev.0, =4.0.0-beta.6, =3.0.0, =0.20.5, =0.20.5, =0.20.8, =0.1.5, =0.6.5, =0.13.0, =0.15.0 - app-decorators =0.8.206 and more Source cves: CVE-2022-24999 Source advisory: OSV:GHSA-HRPP-H998-J3PP...

CVSS 7.5 | AI score 7.1 | EPSS 0.14663
Exploits: 2

OSV
added 2021/12/09 9:15 a.m., 2 views

CVE-2021-36194

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 1

CNVD
added 2021/10/08 12:0 a.m., 16 views

Netscout nGeniusONE FDSQueryService Function Cross-Site Scripting Vulnerability

Netscout nGeniusONE is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscout nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of validation of user input data and filtering of...

CVSS 4.8 | AI score 4.7 | EPSS 0.00447
Exploits: 0 | References: 1

UbuntuCve
added 2021/05/27 8:15 p.m., 27 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | AI score 6.9 | EPSS 0.01196
Exploits: 0 | References: 1

CNVD
added 2021/01/15 12:0 a.m., 2 views

FortiWeb Format String Vulnerability

FortiWeb is a Web Application Firewall WAF that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...

CVSS 8.8 | AI score 7 | EPSS 0.02028
Exploits: 0 | References: 1

CNVD
added 2020/12/01 12:0 a.m., 2 views

Huawei FusionCompute Elevation of Privilege Vulnerability

FusionCompute is Huawei's self-developed computing virtualization software. An elevation of privilege vulnerability exists in FusionCompute 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. The vulnerability stems from improper privilege management. An attacker with normal privileges could exploit the...

CVSS 7.8 | AI score 7.3 | EPSS 0.00216
Exploits: 0 | References: 1