5.3
CVE-2026-2623 - Blossom File Upload BLOSManager.java put path traversal
A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. …
6.5
CVE-2026-23598 - Unauthenticated Information Disclosure in application API allows sensitive system information expos…
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well …
6.5
CVE-2026-23597 - Unauthenticated Information Disclosure in application API allows sensitive system information expos…
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well …
6.5
CVE-2026-23596 - Unauthenticated Improper Access Control in management API allows unauthorized service disruption
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.
8.8
CVE-2026-23595 - Unauthenticated Authentication Bypass in application API allows unauthorized administrative account…
An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system configurat…
6.3
CVE-2025-36376 - IBM Security QRadar EDR Software has multiple vulnerabilities
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
5.1
CVE-2026-2622 - Blossom Article Title ArticleController.java content cross site scripting
A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/ArticleController.java of the component Article Title Handler. The manipulation results in cross site scri…
6.3
CVE-2025-36377 - IBM Security QRadar EDR Software has multiple vulnerabilities
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
5.9
CVE-2025-36379 - IBM Security QRadar EDR Software has multiple vulnerabilities
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
8.1
CVE-2025-13691 - DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.