Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-33228 (GCVE-0-2026-33228)
Vulnerability from cvelistv5 – Published: 2026-03-20 23:06 – Updated: 2026-07-03 12:05- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WebReflection | flatted |
Affected:
< 3.4.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T17:35:34.197834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T17:57:22.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "unaffected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-20T23:06:48.485Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:05:11.579Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-33228"
},
{
"name": "RHBZ#2449872",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449872"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33228.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-21T00:01:43.424Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-20T23:06:48.485Z",
"value": "Made public."
}
],
"title": "flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "flatted",
"vendor": "WebReflection",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \"__proto__\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T23:06:48.485Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
},
{
"name": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
},
{
"name": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
}
],
"source": {
"advisory": "GHSA-rf6f-7fwh-wjgh",
"discovery": "UNKNOWN"
},
"title": "flatted: Prototype Pollution via parse()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33228",
"datePublished": "2026-03-20T23:06:48.485Z",
"dateReserved": "2026-03-18T02:42:27.507Z",
"dateUpdated": "2026-07-03T12:05:11.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Critical\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cluster Observability Operator 1.5.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:build_keycloak:\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Keycloak\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_single_sign_on:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Single Sign-On 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:optaplanner:::el6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of OptaPlanner 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Data Grid 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:11\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 11\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:12\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 12\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:directory_server:13\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Directory Server 13\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jbosseapxp\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform Expansion Pack\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Process Automation 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:2\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-21T00:01:43.424Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-03-20T23:06:48.485Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:34342: Cluster Observability Operator 1.5.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9742: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13826: Red Hat Developer Hub 1.9\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-03-20T23:06:48.485Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-33228\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2449872\", \"name\": \"RHBZ#2449872\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33228.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34342\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9742\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in flatted, a JavaScript Object Notation (JSON) parser designed for handling circular data structures. A remote attacker can exploit this vulnerability by providing specially crafted JSON input. The parse() function in flatted fails to properly validate string values used as array index keys, allowing an attacker to manipulate internal JavaScript object prototypes. This prototype pollution can enable an attacker to execute arbitrary code or cause a denial of service, impacting the availability and integrity of affected systems.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-915\", \"description\": \"Improperly Controlled Modification of Dynamically-Determined Object Attributes\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-03T12:05:11.579Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33228\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-24T17:35:34.197834Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-24T17:57:13.490Z\"}}], \"cna\": {\"title\": \"flatted: Prototype Pollution via parse()\", \"source\": {\"advisory\": \"GHSA-rf6f-7fwh-wjgh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"WebReflection\", \"product\": \"flatted\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.4.2\"}]}], \"references\": [{\"url\": \"https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh\", \"name\": \"https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\", \"name\": \"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/WebReflection/flatted/releases/tag/v3.4.2\", \"name\": \"https://github.com/WebReflection/flatted/releases/tag/v3.4.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \\\"__proto__\\\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-20T23:06:48.485Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33228\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-03T12:05:11.579Z\", \"dateReserved\": \"2026-03-18T02:42:27.507Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-20T23:06:48.485Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0523
Vulnerability from certfr_avis - Published: 2026-04-30 - Updated: 2026-04-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.6_iFix048 | ||
| IBM | WebSphere | WebSphere Application Server - Liberty versions 17.0.0.3 à 26.0.0.4 sans le dernier correctif de sécurité | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 15.0 sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10 sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x antérieures à 6.4.0.4_iFix019 | ||
| IBM | Security QRadar Log Management AQL | greffon Security QRadar Log Management AQL versions 1.x antérieures à 1.1.5 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix048",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server - Liberty versions 17.0.0.3 \u00e0 26.0.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 15.0 sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10 sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix019",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "greffon Security QRadar Log Management AQL versions 1.x ant\u00e9rieures \u00e0 1.1.5",
"product": {
"name": "Security QRadar Log Management AQL",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-22610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22610"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2026-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3621"
},
{
"name": "CVE-2025-66412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
},
{
"name": "CVE-2025-66035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-27970",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27970"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-15599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15599"
},
{
"name": "CVE-2024-31033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31033"
},
{
"name": "CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-27601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
}
],
"initial_release_date": "2026-04-30T00:00:00",
"last_revision_date": "2026-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270805",
"url": "https://www.ibm.com/support/pages/node/7270805"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270827",
"url": "https://www.ibm.com/support/pages/node/7270827"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270869",
"url": "https://www.ibm.com/support/pages/node/7270869"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270820",
"url": "https://www.ibm.com/support/pages/node/7270820"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270845",
"url": "https://www.ibm.com/support/pages/node/7270845"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270868",
"url": "https://www.ibm.com/support/pages/node/7270868"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270775",
"url": "https://www.ibm.com/support/pages/node/7270775"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270692",
"url": "https://www.ibm.com/support/pages/node/7270692"
}
]
}
CERTFR-2026-AVI-0641
Vulnerability from certfr_avis - Published: 2026-05-22 - Updated: 2026-05-22
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | AIX | Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de sécurité Fix Pack 2 | ||
| IBM | WebSphere | WebSphere Automation versions 1.1x antérieures à 1.12.1 | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.4 sans le correctif Special Build #83501 | ||
| IBM | Db2 | Db2 Big SQL versions 7.6.x à 8.3.x antérieures à 8.3.1 patch 4 | ||
| IBM | Db2 | Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x à 5.3.x antérieures à 5.3.1 | ||
| IBM | AIX | Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de sécurité Fix Pack 2 | ||
| IBM | Sterling | Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de sécurité PH71227 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif Special Build #81937 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Open SDK pour Rust sur AIX versions 1.92.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Automation versions 1.1x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.4 sans le correctif Special Build #83501",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions 7.6.x \u00e0 8.3.x ant\u00e9rieures \u00e0 8.3.1 patch 4",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 sur Cloud Pak for Data et Db2 Warehouse sur Cloud Pak for Data versions 4.8.x \u00e0 5.3.x ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Open SDK pour Rust sur AIX versions 1.90.x sans le correctif de s\u00e9curit\u00e9 Fix Pack 2",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Transformation Extender versions 11.0.1.1 et 11.0.2.0 sans le correctif de s\u00e9curit\u00e9 PH71227",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif Special Build #81937",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"name": "CVE-2026-31958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31958"
},
{
"name": "CVE-2025-67726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67726"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2025-39761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39761"
},
{
"name": "CVE-2026-35611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35611"
},
{
"name": "CVE-2024-45310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45310"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2025-58767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-29045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29045"
},
{
"name": "CVE-2021-43784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2025-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12801"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2026-41681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41681"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-41677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41677"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-61594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3713"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2025-38351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38351"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-59059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59059"
},
{
"name": "CVE-2026-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41676"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2024-50301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50301"
},
{
"name": "CVE-2025-67724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67724"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2026-29087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29087"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-35554",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35554"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2026-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"name": "CVE-2026-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41678"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
}
],
"initial_release_date": "2026-05-22T00:00:00",
"last_revision_date": "2026-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0641",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273152",
"url": "https://www.ibm.com/support/pages/node/7273152"
},
{
"published_at": "2026-05-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273312",
"url": "https://www.ibm.com/support/pages/node/7273312"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273153",
"url": "https://www.ibm.com/support/pages/node/7273153"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273155",
"url": "https://www.ibm.com/support/pages/node/7273155"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7271877",
"url": "https://www.ibm.com/support/pages/node/7271877"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273156",
"url": "https://www.ibm.com/support/pages/node/7273156"
},
{
"published_at": "2026-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273269",
"url": "https://www.ibm.com/support/pages/node/7273269"
},
{
"published_at": "2026-05-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273281",
"url": "https://www.ibm.com/support/pages/node/7273281"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273150",
"url": "https://www.ibm.com/support/pages/node/7273150"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273151",
"url": "https://www.ibm.com/support/pages/node/7273151"
},
{
"published_at": "2026-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273555",
"url": "https://www.ibm.com/support/pages/node/7273555"
}
]
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0834
Vulnerability from certfr_avis - Published: 2026-07-03 - Updated: 2026-07-03
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | Db2 | Db2 Genius Hub versions antérieures à 1.1.3 | ||
| IBM | Db2 | Db2 Big SQL on IBM Software Hub versions antérieures à 5.4 | ||
| IBM | WebSphere | WebSphere Remote Server versions 9.x antérieures à 9.0.5.29 | ||
| IBM | N/A | SOAR QRadar Plugin App versions antérieures à 5.6.5 | ||
| IBM | WebSphere | WebSphere Remote Server versions 8.5.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.x antérieures à 8.5.5.31 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions antérieures à 26.0.0.8 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Genius Hub versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on IBM Software Hub versions ant\u00e9rieures \u00e0 5.4",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.29",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Remote Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.x ant\u00e9rieures \u00e0 8.5.5.31",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 26.0.0.8",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-50645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50645"
},
{
"name": "CVE-2026-11383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11383"
},
{
"name": "CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2024-7531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
},
{
"name": "CVE-2021-3572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
},
{
"name": "CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"name": "CVE-2025-14688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14688"
},
{
"name": "CVE-2026-9171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9171"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2026-1577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1577"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2026-9072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9072"
},
{
"name": "CVE-2026-24737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24737"
},
{
"name": "CVE-2026-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8858"
},
{
"name": "CVE-2026-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7246"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-11541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11541"
},
{
"name": "CVE-2025-1371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
},
{
"name": "CVE-2026-11707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11707"
},
{
"name": "CVE-2026-11546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11546"
},
{
"name": "CVE-2026-42036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42036"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2026-11594",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11594"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2026-24043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24043"
},
{
"name": "CVE-2025-13755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13755"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-6051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6051"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-11536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11536"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2026-8646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8646"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-9320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9320"
},
{
"name": "CVE-2026-6053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6053"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2024-29869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29869"
},
{
"name": "CVE-2026-42040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42040"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-6052",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6052"
},
{
"name": "CVE-2025-1377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2024-25260",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
},
{
"name": "CVE-2026-24133",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24133"
},
{
"name": "CVE-2026-10845",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10845"
},
{
"name": "CVE-2026-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2327"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3676"
},
{
"name": "CVE-2026-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1352"
},
{
"name": "CVE-2025-1376",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-36122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36122"
},
{
"name": "CVE-2026-25940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25940"
},
{
"name": "CVE-2026-24040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24040"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11708"
},
{
"name": "CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"name": "CVE-2026-25755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25755"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"name": "CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"name": "CVE-2026-11595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11595"
},
{
"name": "CVE-2026-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11714"
},
{
"name": "CVE-2026-25535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25535"
},
{
"name": "CVE-2026-42034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42034"
},
{
"name": "CVE-2026-9322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9322"
},
{
"name": "CVE-2026-31938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31938"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2026-6938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6938"
},
{
"name": "CVE-2026-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-11712"
},
{
"name": "CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-13772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13772"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-42037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42037"
},
{
"name": "CVE-2026-42042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42042"
},
{
"name": "CVE-2026-9071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9071"
},
{
"name": "CVE-2026-9006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9006"
},
{
"name": "CVE-2026-31898",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31898"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2023-24056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24056"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2026-10852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10852"
},
{
"name": "CVE-2026-27212",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27212"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2025-68428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68428"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-1718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1718"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
}
],
"initial_release_date": "2026-07-03T00:00:00",
"last_revision_date": "2026-07-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0834",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278360",
"url": "https://www.ibm.com/support/pages/node/7278360"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279004",
"url": "https://www.ibm.com/support/pages/node/7279004"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278998",
"url": "https://www.ibm.com/support/pages/node/7278998"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278996",
"url": "https://www.ibm.com/support/pages/node/7278996"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278993",
"url": "https://www.ibm.com/support/pages/node/7278993"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279001",
"url": "https://www.ibm.com/support/pages/node/7279001"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278935",
"url": "https://www.ibm.com/support/pages/node/7278935"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278590",
"url": "https://www.ibm.com/support/pages/node/7278590"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278148",
"url": "https://www.ibm.com/support/pages/node/7278148"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279002",
"url": "https://www.ibm.com/support/pages/node/7279002"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278995",
"url": "https://www.ibm.com/support/pages/node/7278995"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278997",
"url": "https://www.ibm.com/support/pages/node/7278997"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278990",
"url": "https://www.ibm.com/support/pages/node/7278990"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278358",
"url": "https://www.ibm.com/support/pages/node/7278358"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278989",
"url": "https://www.ibm.com/support/pages/node/7278989"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278576",
"url": "https://www.ibm.com/support/pages/node/7278576"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278572",
"url": "https://www.ibm.com/support/pages/node/7278572"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278580",
"url": "https://www.ibm.com/support/pages/node/7278580"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278398",
"url": "https://www.ibm.com/support/pages/node/7278398"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278359",
"url": "https://www.ibm.com/support/pages/node/7278359"
},
{
"published_at": "2026-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7279003",
"url": "https://www.ibm.com/support/pages/node/7279003"
},
{
"published_at": "2026-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278103",
"url": "https://www.ibm.com/support/pages/node/7278103"
},
{
"published_at": "2026-06-30",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278593",
"url": "https://www.ibm.com/support/pages/node/7278593"
},
{
"published_at": "2026-06-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7278399",
"url": "https://www.ibm.com/support/pages/node/7278399"
}
]
}
CERTFR-2026-AVI-0627
Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.2.x antérieures à 10.2.3 | ||
| Splunk | N/A | Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9 | ||
| Splunk | Splunk | image Docker Splunk versions 10.2.x antérieures à 10.2.2 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1 | ||
| Splunk | Splunk AppDynamics Database Agent | Splunk AppDynamics Database Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk | image Docker Splunk versions 9.4.x antérieures à 9.4.10 | ||
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5 | ||
| Splunk | Splunk AppDynamics Private Synthetic Agent | Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Analytics Agent | Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0 | ||
| Splunk | N/A | Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk AppDynamics Machine Agent | Splunk AppDynamics Machine Agent versions antérieures à 26.4.0 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11 | ||
| Splunk | N/A | Splunk AppDynamics Python Agent versions antérieures à 26.4.1 | ||
| Splunk | Splunk | image Docker Splunk versions 10.0.x antérieures à 10.0.5 | ||
| Splunk | N/A | Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 10.0.x antérieures à 10.0.6 | ||
| Splunk | N/A | Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk | image Docker Splunk versions 9.3.x antérieures à 9.3.11 | ||
| Splunk | Splunk Cloud Platform | Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13 | ||
| Splunk | Universal Forwarder | Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 9.3.x antérieures à 9.3.12 | ||
| Splunk | Splunk AppDynamics Java Agent | Splunk AppDynamics Java Agent versions antérieures à 26.4.0 |
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Database Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Private Synthetic Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Analytics Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Machine Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
"product": {
"name": "Splunk",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
"product": {
"name": "Splunk Cloud Platform",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
"product": {
"name": "Universal Forwarder",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
"product": {
"name": "Splunk AppDynamics Java Agent",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2019-10202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2017-7657",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
},
{
"name": "CVE-2017-7658",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
},
{
"name": "CVE-2017-7656",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2022-40023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-47627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
},
{
"name": "CVE-2023-49081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
},
{
"name": "CVE-2023-49082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
},
{
"name": "CVE-2024-23829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-26130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2023-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-9820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-13836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
},
{
"name": "CVE-2025-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
},
{
"name": "CVE-2025-66516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
},
{
"name": "CVE-2025-37731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2024-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
},
{
"name": "CVE-2024-12087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
},
{
"name": "CVE-2024-12088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
},
{
"name": "CVE-2024-12084",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-53899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-24855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-52304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2023-5590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2025-27210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2024-58251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
},
{
"name": "CVE-2025-46394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-68384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
},
{
"name": "CVE-2025-68390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2025-14819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2025-66566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"name": "CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"name": "CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"name": "CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"name": "CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"name": "CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"name": "CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"name": "CVE-2025-12183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-11468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
},
{
"name": "CVE-2025-15282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
},
{
"name": "CVE-2026-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
},
{
"name": "CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"name": "CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"name": "CVE-2025-68973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
},
{
"name": "CVE-2026-1861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
},
{
"name": "CVE-2026-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
},
{
"name": "CVE-2026-25210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
},
{
"name": "CVE-2025-14831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
},
{
"name": "CVE-2026-1584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
},
{
"name": "CVE-2026-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
},
{
"name": "CVE-2026-2648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
},
{
"name": "CVE-2026-2649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
},
{
"name": "CVE-2026-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
},
{
"name": "CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"name": "CVE-2026-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
},
{
"name": "CVE-2026-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
},
{
"name": "CVE-2026-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
},
{
"name": "CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"name": "CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"name": "CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"name": "CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"name": "CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"name": "CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"name": "CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"name": "CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"name": "CVE-2026-27171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
},
{
"name": "CVE-2026-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
},
{
"name": "CVE-2026-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
},
{
"name": "CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"name": "CVE-2025-69225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
},
{
"name": "CVE-2025-69226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
},
{
"name": "CVE-2025-69227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
},
{
"name": "CVE-2025-69228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
},
{
"name": "CVE-2025-69229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
},
{
"name": "CVE-2026-22690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
},
{
"name": "CVE-2026-22691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
},
{
"name": "CVE-2026-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
},
{
"name": "CVE-2026-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
},
{
"name": "CVE-2026-3538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
},
{
"name": "CVE-2026-3539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
},
{
"name": "CVE-2026-3540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
},
{
"name": "CVE-2026-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
},
{
"name": "CVE-2026-3542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
},
{
"name": "CVE-2026-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
},
{
"name": "CVE-2026-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
},
{
"name": "CVE-2026-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
},
{
"name": "CVE-2026-22702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
},
{
"name": "CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"name": "CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"name": "CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"name": "CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"name": "CVE-2026-3731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
},
{
"name": "CVE-2026-4111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-33055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
},
{
"name": "CVE-2026-33056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-21710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
},
{
"name": "CVE-2026-21713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
},
{
"name": "CVE-2026-21714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
},
{
"name": "CVE-2026-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
},
{
"name": "CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-35469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
},
{
"name": "CVE-2026-21712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
},
{
"name": "CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"name": "CVE-2026-24688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
},
{
"name": "CVE-2026-27024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
},
{
"name": "CVE-2026-27025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
},
{
"name": "CVE-2026-27026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
},
{
"name": "CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"name": "CVE-2026-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
},
{
"name": "CVE-2026-28351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
},
{
"name": "CVE-2026-27456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
},
{
"name": "CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"name": "CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-1605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
},
{
"name": "CVE-2026-27140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
},
{
"name": "CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"name": "CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"name": "CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"name": "CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"name": "CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-28804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
},
{
"name": "CVE-2026-34073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
},
{
"name": "CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"name": "CVE-2018-12023",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
},
{
"name": "CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"name": "CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2022-45868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
},
{
"name": "CVE-2023-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
},
{
"name": "CVE-2023-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
},
{
"name": "CVE-2024-10220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2024-27308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
},
{
"name": "CVE-2024-32650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
},
{
"name": "CVE-2024-5321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"name": "CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"name": "CVE-2025-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
},
{
"name": "CVE-2025-55159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
},
{
"name": "CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"name": "CVE-2026-20238",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
},
{
"name": "CVE-2026-20239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
},
{
"name": "CVE-2026-20240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
},
{
"name": "CVE-2026-25541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
},
{
"name": "CVE-2026-25833",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
},
{
"name": "CVE-2026-25834",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
},
{
"name": "CVE-2026-25835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2026-32776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
},
{
"name": "CVE-2026-32777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
},
{
"name": "CVE-2026-32778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
},
{
"name": "CVE-2026-34477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
},
{
"name": "CVE-2026-34478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
},
{
"name": "CVE-2026-34871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
},
{
"name": "CVE-2026-34872",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
},
{
"name": "CVE-2026-34873",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
},
{
"name": "CVE-2026-34874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
},
{
"name": "CVE-2026-34875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
},
{
"name": "CVE-2026-34876",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
},
{
"name": "CVE-2026-34877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
},
{
"name": "CVE-2026-40200",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2026-42308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
},
{
"name": "CVE-2026-42309",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
},
{
"name": "CVE-2026-42310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
},
{
"name": "CVE-2026-42311",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
},
{
"name": "CVE-2026-6042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
}
],
"initial_release_date": "2026-05-21T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0627",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
},
{
"published_at": "2026-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
},
{
"published_at": "2026-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
]
}
CERTFR-2026-AVI-0667
Vulnerability from certfr_avis - Published: 2026-05-29 - Updated: 2026-05-29
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics Mobile versions antérieures à 1.1.26 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.0 sans le correctif iFix09 | ||
| IBM | Tivoli Monitoring | Tivoli Monitoring sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP15 IF03 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.2.0 sans le correctif iFix04 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.11.0 | ||
| IBM | N/A | Analyst Workflow versions antérieures à 3.1.0 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.11.0 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.1.0 sans le correctif iFix03 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics Mobile versions ant\u00e9rieures \u00e0 1.1.26",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.0 sans le correctif iFix09",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Monitoring sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli Monitoring",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP15 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.2.0 sans le correctif iFix04",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.11.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Analyst Workflow versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.11.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.1.0 sans le correctif iFix03",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
},
{
"name": "CVE-2026-35388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35388"
},
{
"name": "CVE-2006-10003",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2026-40466",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40466"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2026-35386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35386"
},
{
"name": "CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2026-31402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2025-68741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68741"
},
{
"name": "CVE-2026-33349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33349"
},
{
"name": "CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"name": "CVE-2026-33940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33940"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2026-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40974"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2026-31988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31988"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2026-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-28421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-31431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2025-11953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11953"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-59471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59471"
},
{
"name": "CVE-2026-33941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33941"
},
{
"name": "CVE-2026-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0848"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2026-33412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2025-59472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59472"
},
{
"name": "CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2026-23401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0847"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-28417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
},
{
"name": "CVE-2023-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5764"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2026-35535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35535"
},
{
"name": "CVE-2025-68724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
},
{
"name": "CVE-2026-33939",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33939"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41044"
},
{
"name": "CVE-2006-10002",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
},
{
"name": "CVE-2026-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
},
{
"name": "CVE-2026-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
},
{
"name": "CVE-2026-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-4867",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4867"
},
{
"name": "CVE-2024-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-23897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23897"
},
{
"name": "CVE-2026-35385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35385"
},
{
"name": "CVE-2026-34601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34601"
},
{
"name": "CVE-2026-29057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29057"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2026-34197",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"
},
{
"name": "CVE-2026-25128",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25128"
},
{
"name": "CVE-2025-13333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13333"
},
{
"name": "CVE-2025-12635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2026-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33036"
},
{
"name": "CVE-2026-35414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35414"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"name": "CVE-2026-33916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33916"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"name": "CVE-2023-26132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26132"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2026-33937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33937"
},
{
"name": "CVE-2026-31808",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31808"
},
{
"name": "CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
},
{
"name": "CVE-2026-39373",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39373"
},
{
"name": "CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"name": "CVE-2026-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8620"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8633"
},
{
"name": "CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2026-25896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2026-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33938"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-30951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30951"
},
{
"name": "CVE-2026-35387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35387"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2026-27837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27837"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-39983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39983"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2739"
},
{
"name": "CVE-2024-56462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56462"
},
{
"name": "CVE-2026-35213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35213"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
}
],
"initial_release_date": "2026-05-29T00:00:00",
"last_revision_date": "2026-05-29T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0667",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274185",
"url": "https://www.ibm.com/support/pages/node/7274185"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274154",
"url": "https://www.ibm.com/support/pages/node/7274154"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274180",
"url": "https://www.ibm.com/support/pages/node/7274180"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274183",
"url": "https://www.ibm.com/support/pages/node/7274183"
},
{
"published_at": "2026-05-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273957",
"url": "https://www.ibm.com/support/pages/node/7273957"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274184",
"url": "https://www.ibm.com/support/pages/node/7274184"
},
{
"published_at": "2026-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274314",
"url": "https://www.ibm.com/support/pages/node/7274314"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274182",
"url": "https://www.ibm.com/support/pages/node/7274182"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274181",
"url": "https://www.ibm.com/support/pages/node/7274181"
},
{
"published_at": "2026-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273803",
"url": "https://www.ibm.com/support/pages/node/7273803"
},
{
"published_at": "2026-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7272901",
"url": "https://www.ibm.com/support/pages/node/7272901"
}
]
}
GHSA-RF6F-7FWH-WJGH
Vulnerability from github – Published: 2026-03-19 17:43 – Updated: 2026-03-25 18:22Summary
The parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype.
Root Cause
File: esm/index.js:29 (identical in cjs/index.js)
const resolver = (input, lazy, parsed, $) => output => {
for (let ke = keys(output), {length} = ke, y = 0; y < length; y++) {
const k = ke[y];
const value = output[k];
if (value instanceof Primitive) {
const tmp = input[value]; // Bug is here
No validation that value is a safe numeric index input is built as a plain Array. JavaScript's property lookup on arrays traverses the prototype chain for non-numeric keys. The key "__proto__" resolves to Array.prototype, which:
- has type "object" → passes the typeof tmp === object guard at line 30
- is not in the parsed Set yet → passes the !parsed.has(tmp) guard.
- The reference to Array.prototype is then enqueued in lazy and later unconditionally assigned to the output object.
Replication Steps
const Flatted = require('flatted');
const parsed = Flatted.parse('[{"x":"__proto__"}]');
parsed.x.polluted = 'pwned';
console.log([].polluted); // Returns true
Impact An attacker can supply a crafted flatted string to parse() that causes the returned object to hold a live reference to Array.prototype, enabling any downstream code that writes to that property to pollute the global prototype chain, potentially causing denial of service or code execution.
Recommended solution Validate that the index string represents an integer within the bounds of input before accessing it:
// Before (vulnerable) const tmp = input[value];
// After (safe) const idx = +value; // coerce boxed String → number const tmp = (Number.isInteger(idx) && idx >= 0 && idx < input.length) ? input[idx] : undefined;
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.4.1"
},
"package": {
"ecosystem": "npm",
"name": "flatted"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33228"
],
"database_specific": {
"cwe_ids": [
"CWE-1321"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-19T17:43:54Z",
"nvd_published_at": "2026-03-20T23:16:46Z",
"severity": "HIGH"
},
"details": "---\n **Summary**\n\n The parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index\n keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it\n with the key \"\\_\\_proto\\_\\_\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate\n parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype\n to the consumer. Any code that subsequently writes to that property will pollute the global prototype.\n\n ---\n **Root Cause**\n\n File: esm/index.js:29 (identical in cjs/index.js)\n```\n const resolver = (input, lazy, parsed, $) =\u003e output =\u003e {\n for (let ke = keys(output), {length} = ke, y = 0; y \u003c length; y++) {\n const k = ke[y];\n const value = output[k]; \n if (value instanceof Primitive) {\n const tmp = input[value]; // Bug is here\n```\n\nNo validation that value is a safe numeric index input is built as a plain Array. JavaScript\u0027s property lookup on arrays traverses the prototype chain for non-numeric keys. The key \"\\_\\_proto\\_\\_\" resolves to Array.prototype, which:\n\n - has type \"object\" \u2192 passes the typeof tmp === object guard at line 30\n - is not in the parsed Set yet \u2192 passes the !parsed.has(tmp) guard.\n - The reference to Array.prototype is then enqueued in lazy and later unconditionally assigned to the output object.\n ---\n **Replication Steps**\n```\n const Flatted = require(\u0027flatted\u0027); \n const parsed = Flatted.parse(\u0027[{\"x\":\"__proto__\"}]\u0027);\n parsed.x.polluted = \u0027pwned\u0027;\n console.log([].polluted); // Returns true\n``` \n ---\n **Impact**\n An attacker can supply a crafted flatted string to parse() that causes the returned object to hold a live reference to Array.prototype, enabling any downstream code that writes to that property to pollute the global prototype chain, potentially causing denial of service or code execution.\n\n **Recommended solution**\n Validate that the index string represents an integer within the bounds of input before accessing it:\n\n // Before (vulnerable)\n const tmp = input[value];\n\n // After (safe)\n const idx = +value; // coerce boxed String \u2192 number\n const tmp = (Number.isInteger(idx) \u0026\u0026 idx \u003e= 0 \u0026\u0026 idx \u003c input.length)\n ? input[idx]\n : undefined;",
"id": "GHSA-rf6f-7fwh-wjgh",
"modified": "2026-03-25T18:22:00Z",
"published": "2026-03-19T17:43:54Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33228"
},
{
"type": "WEB",
"url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
},
{
"type": "PACKAGE",
"url": "https://github.com/WebReflection/flatted"
},
{
"type": "WEB",
"url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Prototype Pollution via parse() in NodeJS flatted"
}
FKIE_CVE-2026-33228
Vulnerability from fkie_nvd - Published: 2026-03-20 23:16 - Updated: 2026-07-02 12:179.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802 | Patch | |
| security-advisories@github.com | https://github.com/WebReflection/flatted/releases/tag/v3.4.2 | Product | |
| security-advisories@github.com | https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh | Exploit, Vendor Advisory | |
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:13826 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:34342 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:9742 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/security/cve/CVE-2026-33228 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://bugzilla.redhat.com/show_bug.cgi?id=2449872 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33228.json |
| Vendor | Product | Version | |
|---|---|---|---|
| webreflection | flatted | * |
{
"affected": [
{
"affectedData": [
{
"product": "flatted",
"vendor": "WebReflection",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.2"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "unaffected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "unaffected",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webreflection:flatted:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B9B19945-5AD9-4557-A372-AF04A9EDC1BB",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \"__proto__\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2."
},
{
"lang": "es",
"value": "flatted es un analizador de JSON circular. Antes de la versi\u00f3n 3.4.2, la funci\u00f3n parse() en flatted puede usar valores de cadena controlados por el atacante del JSON analizado como claves de \u00edndice de array directas, sin validar que sean num\u00e9ricos. Dado que el b\u00fafer de entrada interno es un Array de JavaScript, acceder a \u00e9l con la clave \u0027__proto__\u0027 devuelve Array.prototype a trav\u00e9s del getter heredado. Este objeto es entonces tratado como un valor analizado leg\u00edtimo y asignado como una propiedad del objeto de salida, filtrando efectivamente una referencia en vivo a Array.prototype al consumidor. Cualquier c\u00f3digo que posteriormente escriba en esa propiedad contaminar\u00e1 el prototipo global. Este problema ha sido parcheado en la versi\u00f3n 3.4.2."
}
],
"id": "CVE-2026-33228",
"lastModified": "2026-07-02T12:17:05.323",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-33228",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T17:35:34.197834Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-03-20T23:16:46.510",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:9742"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-33228"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449872"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33228.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-915"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.