32 matches found
CVE-2026-6842 affecting package nano for versions less than 6.4-3
CVE-2026-6842 affecting package nano for versions less than 6.4-3. A patched version of the package is available...
PT-2026-34042
Name of the Vulnerable Software and Affected Versions: Spring Spring Security versions 6.4.0 through 6.4.15; Spring Spring Security versions 6.5.0 through 6.5.9; Spring Spring Security versions 7.0.0 through 7.0.4. Description: Applications that explicitly configure One-Time Token login using...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in log4j-core (CVE-2025-68161)
Summary: IBM Sterling Control Center is affected by a vulnerability (CVE-2025-68161) in log4j-core-2.17.1.jar. Vulnerability Details: CVEID: CVE-2025-68161. DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...
aratinga (>=0.1.0a0.dev0 <=0.1.0a0.dev2), cjkcms-cache (=2.3.2) +24 more potentially affected by CVE-2026-28223 via wagtail (>=6.4.0 <=7.0.0)
wagtail PYPI version =6.4.0, =0.1.0a0.dev0, =4.0.0, =5.2.0, =2.0.2, =0.1.1771543667, =0.6.0, =0.0.1, =0.0.1, =0.0.1, =2.4.0, =0.0.1, =0.0.2 and more Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...
org.glassfish.mq:mq-client (>=6.4.0 <=6.9.0), org.glassfish.mq:mq-cluster (>=6.4.0 <=6.9.0) +12 more potentially affected by CVE-2026-22886 via org.glassfish.mq:mqbroker-core (>=6.4.0 <=6.9.0)
org.glassfish.mq:mqbroker-core MAVEN version =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.4.0, =6.9.0 Source cves: CVE-2026-22886 Source advisory: SNYK:JAVA-ORGGLASSFISHMQ-15444256...
CVE-2025-53843
CVE-2025-53843 describes a stack-based buffer overflow in Fortinet FortiOS that affects FortiOS 6.4 and 7.x series (notably 7.6.0–7.6.3, 7.4.0–7.4.8, and all 7.2/7.0). The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted packets, with network access ...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)
Summary: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3 in which the annotation detection mechanism may not correctly resolve annotations on methods. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The...
EUVD-2025-24457
Malicious code in bioql PyPI...
EUVD-2024-30493
Malicious code in bioql PyPI...
org.webjars.npm:bitcore-lib (=0.15.0), org.webjars.npm:bitcore-mnemonic (=1.5.0) +3 more potentially affected by unknown CVE via org.webjars.npm:elliptic (>=6.4.0 <=6.5.4)
org.webjars.npm:elliptic MAVEN version =6.4.0, =6.5.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:elliptic and may be impacted: - org.webjars.npm:bitcore-lib =0.15.0 - org.webjars.npm:bitcore-mnemonic =1.5.0 - org.webjars.npm:eccryp...
CVE-2024-32703
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through = 6.4...
Security vulnerability in multiple Fortinet products
Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiAnalyzer Cloud is a cloud-based logging platform based on...
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712). CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). CVE-2024-35949:...
PT-2024-24790 · Repute Infosystems · Arforms
Name of the Vulnerable Software and Affected Versions: ARForms versions n/a through 6.4 Description: A Missing Authorization issue affects reputeinfosystems ARForms. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents...
Fortinet FortiClientEms Information Disclosure Vulnerability
Fortinet FortiClientEms is a centralized management system from Fortinet, Inc. A security vulnerability exists in Fortinet FortiClientEms that originates from an environment variable information leak in the login page. Affected products and versions: FortiClientEMS versions 7.0.6 through...
CVE-2023-27557
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM...
PT-2023-13619 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions 6.4.x through 6.9.x Description: A low-privileged Sage 300 workstation user could abuse their access to the SharedData folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300...
PT-2023-1736 · Fortinet · Fortiauthenticator
Name of the Vulnerable Software and Affected Versions: Fortinet FortiAuthenticator versions 6.4.x and earlier Description: The issue is related to an improper restriction of excessive authentication attempts, allowing a remote unauthenticated attacker to partially exhaust CPU and memory by sendin...
CVE-2023-23784
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to cause information disclosure via specially crafted web requests...
Fortinet FortiWeb path traversal vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A path traversal vulnerability exists in...