20762 matches found

IBM Security Bulletins
added 2026/03/23 7:43 p.m., 3 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00292
Exploits 1 | Affected Software 1

Snyk
added 2026/03/23 6:16 p.m., 3 views

Directory Traversal

Overview github.com/ory/oathkeeper/proxy is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input when pat...

CVSS 10 | AI score 6.4 | EPSS 0.00519
Exploits 0 | References 3

Snyk
added 2026/03/23 6:16 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to improper validation of user-supplied input when paths are not normalized. An attacker can gain unauthorized access to protected resources by crafting specially constructed path traversal sequences. Details A...

CVSS 10 | AI score 6.4 | EPSS 0.00519
Exploits 0 | References 3

Snyk
added 2026/03/23 6:16 p.m., 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the locateDAG process. An attacker can access arbitrary files by submitting specially crafted requests containing %2F-encoded slashes. Details A Directory Traversal attack also known as path traversal aims to...

CVSS 8.6 | AI score 6.5 | EPSS 0.00469
Exploits 1 | References 3

Snyk
added 2026/03/23 6:16 p.m., 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the locateDAG process. An attacker can access arbitrary files by submitting specially crafted requests containing %2F-encoded slashes. Details A Directory Traversal attack also known as path traversal aims to...

CVSS 8.6 | AI score 6.5 | EPSS 0.00469
Exploits 1 | References 3

Snyk
added 2026/03/23 6:14 p.m., 2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the git resolver process. An attacker can access arbitrary files on the resolver pod by supplying crafted path input. Details A Directory Traversal attack also known as path traversal aims to access files and...

CVSS 9.6 | AI score 6.5 | EPSS 0.00485
Exploits 0 | References 3

IBM Security Bulletins
added 2026/03/23 4:22 p.m., 14 views

Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to enumeration of users, compromised data confidentiality and integrity, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In...

CVSS 8.1 | AI score 6.8 | EPSS 0.0177
Exploits 1 | Affected Software 1

EUVD
added 2026/03/23 3:30 p.m., 3 views

EUVD-2019-19987

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

CVSS 6.9 | AI score 5.9 | EPSS 0.00185
Exploits 1 | References 5

IBM Security Bulletins
added 2026/03/23 3:13 p.m., 9 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...

CVSS 9.8 | AI score 6 | EPSS 0.00641
Exploits 2 | Affected Software 1

NVD
added 2026/03/23 2:16 p.m., 6 views

CVE-2019-25623

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

CVSS 6.9 | EPSS 0.00185
Exploits 1 | References 4

CVE
added 2026/03/23 1:48 p.m., 4 views

CVE-2019-25623

The CVE-2019-25623 entry concerns Luminance Studio 2.17, where a vulnerability allows a local attacker to cause a denial-of-service by feeding malformed input via the keyboard interface. According to the sources, an attacker can craft a text file with arbitrary character sequences and trigger the...

CVSS 6.9 | AI score 5.9 | EPSS 0.00185
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/03/23 1:48 p.m., 4 views

CVE-2019-25623 Luminance Studio 2.17 Denial of Service via Malformed Input

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

CVSS 6.9 | AI score 5.9 | EPSS 0.00185
Exploits 1 | References 4

Cvelist
added 2026/03/23 1:48 p.m., 24 views

CVE-2019-25623 Luminance Studio 2.17 Denial of Service via Malformed Input

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

CVSS 6.9 | EPSS 0.00185
Exploits 1 | References 4

ATTACKERKB
added 2026/03/23 1:48 p.m., 2 views

CVE-2019-25623

Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can create a text file with arbitrary character sequences and trigger the application to process the input,...

CVSS 6.9 | AI score 5.9 | EPSS 0.00185
Exploits 1 | References 4 | Affected Software 1

SUSE Linux
added 2026/03/23 8:51 a.m., 3 views

Security update for gvfs

This update for gvfs fixes the following issues: CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths bsc1258954. Patch Instruction...

CVSS 7.3 | AI score 5.9 | EPSS 0.0036
Exploits 2 | References 8

OSV
added 2026/03/23 8:50 a.m., 2 views

SUSE-SU-2026:0960-1 Security update for gvfs

This update for gvfs fixes the following issues: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers bsc1258953. - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths bsc1258954...

CVSS 4.3 | AI score 5.9 | EPSS 0.0036
Exploits 2 | References 5

Snyk
added 2026/03/23 12:0 a.m., 3 views

Directory Traversal

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Directory Traversal through the profile substitution logic in EnvironmentController,...

CVSS 8.8 | AI score 6.5 | EPSS 0.0122
Exploits 0 | References 3

Positive Technologies
added 2026/03/23 12:0 a.m., 2 views

PT-2026-27205

Name of the Vulnerable Software and Affected Versions Blinko versions prior to 1.8.4 Description The file server endpoint does not validate permissions on the temp/ path and does not filter path traversal sequences, potentially allowing unauthorized access to arbitrary files on the server. If...

CVSS 8.2 | AI score 5.4 | EPSS 0.01523
Exploits 0 | References 7

CNNVD
added 2026/03/23 12:0 a.m., 5 views

Blinko Path Traversal Vulnerability

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a path traversal vulnerability. This vulnerability occurred because the file server endpoint did not perform...

CVSS 8.2 | AI score 5.8 | EPSS 0.01523
Exploits 0 | References 3

CNNVD
added 2026/03/23 12:0 a.m., 6 views

Blinko Path Traversal Vulnerability

Blinko is an open-source AI-based card-based note-taking app designed for users who want to quickly capture and organize fleeting ideas. Versions of Blinko prior to 1.8.4 contained a path traversal vulnerability. This vulnerability stemmed from the filePath parameter accepting path traversal...

CVSS 6.9 | AI score 5.8 | EPSS 0.00302
Exploits 0 | References 3