Improper Neutralization Of Escape, Meta, Or Control Sequences
Apache Tomcat is vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences. Under certain uncommon rewrite rule configurations, specially crafted requests can bypass these rules, which allows an attacker to circumvent the security constraints enforced by them...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002.
Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF005 and 24.0.1-IF002. Vulnerability Details CVEID: CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time...
CVE-2024-55913
IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-55913 IBM Concert Software path traversal
IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
CVE-2024-55913
CVE-2024-55913 describes a path traversal in IBM Concert Software 1.0.0–1.0.5 that lets an attacker view arbitrary files via specially crafted URLs containing dot-dot sequences (/../). The root cause is improper handling of URL path components, enabling direct file disclosure without authenticati...
VIDSTAMP: a Temporally-Aware Watermark for Ownership and Integrity in Video Diffusion Models
The rapid rise of video diffusion models has enabled the generation of highly realistic and temporally coherent videos, raising critical concerns about content authenticity, provenance, and misuse. Existing watermarking approaches, whether passive, post-hoc, or adapted from image-based techniques...
IBM Concert path traversal vulnerability
IBM Concert Software is a new tool from International Business Machines (IBM) that uses generative AI to help manage complex cloud-native applications. A path traversal vulnerability exists in IBM Concert Software that stems from improper handling of URL requests containing dot sequences, a...
PT-2025-18734 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.5 Description: The issue allows a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues
Summary: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an arbitrary code execution in Jinja [CVE-2024-56201]
Summary: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Jinja, due to a bug in the Jinja compiler that allows an attacker who controls both the content and the filename of a template to execute arbitrary Python code (CVE-2024-56201). Jinja is used by our Speech Service...
Why top SOC teams are shifting to Network Detection and Response
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” i...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal through the PackageIndex.downloadurl method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running t...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal via the path parameters in the /demo/static/ endpoint. An attacker can exploit this vulnerability to read arbitrary files from the server’s filesystem by manipulating the request path, potentially exposing sensitive...
curl: [High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `--output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)
Summary: The -o / --output parameter in cURL does not restrict or sanitize file paths. When passed relative traversal sequences (e.g., ../../), cURL writes files outside the current working directory, allowing arbitrary file overwrite. In automated or privileged environments (CI/CD, root containers,...
Webmin CRLF Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper neutralization of CRLF sequences...
Directory Traversal
Overview: org.webjars.npm:vite is a Native-ESM powered web dev build tool. Affected versions of this package are vulnerable to Directory Traversal through the server.fs.deny configuration due to improper input sanitization. An attacker can bypass server.fs.deny with /. for files under project root...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 1.1.0. Vulnerability Details CVEID: CVE-2024-55909 DESCRIPTION: IBM Concert Software could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource...
Advisory ROSA-SA-2025-2851
Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 package evr string: httpd-2.4.37-65.0.1.rv3.3 CVE-ID: CVE-2023-27522 BDU-ID: 2023-02021 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mod_proxy_uwsgi component of the Apache HTTP Server web server is related to flaws in HTTP request handling...