Security Vulnerabilities
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-05-27
IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-05-27
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved by a user who was explicitly granted the CREATE TABLE privilege. The problem is resolved in PostgreSQL Anonymizer 3.1.0 and further versions
CVSS Score
6.8
EPSS Score
0.0
Published
2026-05-27
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-05-27
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-05-27
IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-27
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-27
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-05-27
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-27
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-05-27