Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2025-71350

picklescan – Undetected Remote Code Execution via torch.utils.collect_env.run

picklescan before 0.0.28 fails to detect malicious pickle files using the torch.utils.collect_env.run function in reduce methods. Attackers can embed u...

picklescan picklescan CVE
HIGH 7.6 CVE-2025-71349

picklescan – Arbitrary Code Execution via Undetected trace.Trace.run in Pickle Files

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected ...

picklescan picklescan CVE
CRITICAL 10 CVE-2026-56415

OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A ...

StoneFly Storage Concentrator CVE
CRITICAL 10 CVE-2026-56413

OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default...

StoneFly Storage Concentrator CVE
CRITICAL 9.2 CVE-2026-55721

SQL Injection in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie va...

StoneFly Storage Concentrator CVE
MEDIUM 6.3 CVE-2026-55223

c3p0 exposes a deserialization “sink” via JDBC DataSource bean properties

c3p0 is a JDBC connection pooling library. In versions prior to 0.14.0, c3p0, in combination with other libraries, can compose to a "sink" for des...

swaldman c3p0 < 0.14.0 CVE
CRITICAL 9.3 CVE-2026-50110

Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...

StoneFly Storage Concentrator CVE
LOW 3.5 CVE-2026-9836

IBM DataStage Flow Designer application is affected by an information disclosure vulnerability

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

IBM InfoSphere Information Server 11.7.0.0 CVE
MEDIUM 6.5 CVE-2026-9002

IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the...

IBM WebSphere Extreme Scale 8.6.1.0 CVE
CRITICAL 9.1 CVE-2026-7874

Weak Cryptographic Key Derivation Exposed All Stored Credentials

IBM Langflow OSS 1.0.0 through 1.10.0 could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...

IBM Langflow OSS 1.0.0 CVE