66 matches found

IBM Security Bulletins
added 2026/05/12 5:23 a.m. · 4 views

Security Bulletin: InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read (CVE-2026-3366)

Summary: InfoSphere Optim Test Data Fabrication Resource Manager is affected by Arbitrary File Read via Path Traversal (CVE-2026-3366). Vulnerability details: CVEID: CVE-2026-3366. DESCRIPTION: IBM InfoSphere Optim Test Data Fabrication could allow a remote attacker to traverse directories on the syste...

CVSS 7.5 · AI score 6 · EPSS 0.00069
Exploits: 0 · Affected software: 1
Github Security Blog
added 2026/05/09 3:31 a.m. · 5 views

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs

Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

CVSS 8.6 · AI score 5.8 · EPSS 0.00026
Exploits: 0 · References: 4 · Affected software: 2
CVE
added 2026/05/09 12:34 a.m. · 14 views

CVE-2026-41705

The CVE affects Spring AI MilvusVectorStore#doDelete(List) and is caused by a filter-expression injection from unsanitized document IDs. Affected are Spring AI 1.0.x (1.0.0–1.0.x); upgrade to 1.0.7+; and Spring AI 1.1.x (1.1.0–1.1.x); upgrade to 1.1.6+. CVSSv3.1 base score 8.6 (HIGH): Network acc...

CVSS 8.6 · AI score 5.8 · EPSS 0.00026
Exploits: 0 · References: 1 · Affected software: 1
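Added example for the two Spring AI Milvus entries above (the Github Security Blog advisory and CVE-2026-41705). It is not Spring AI code and never connects to Milvus; it only shows how a delete filter of the form field in ["..."] is built from document IDs, how an ID containing a double quote breaks out of the string literal when IDs are quoted by concatenation, and an allow-list check that rejects such IDs before any expression is assembled. The field name doc_id, the helper names and the sample IDs are assumptions made here.

```python
"""Filter-expression injection via unsanitized document IDs.

Constructed demonstration for the Spring AI / Milvus entries in this listing.
It is not Spring AI code and never connects to Milvus; it only shows how the
delete filter text is built.  The field name doc_id, the helper names and the
sample IDs are assumptions made here.  Milvus boolean expressions take the
form   field in ["a", "b"]   with double-quoted string literals.
"""
import re
from typing import List

ID_FIELD = "doc_id"  # assumed primary-key field name


def build_delete_filter_unsafe(ids: List[str]) -> str:
    """Vulnerable pattern: each ID is wrapped in quotes by concatenation.

    An ID that itself contains a double quote terminates the string literal
    early, and whatever follows is parsed as expression syntax.
    """
    quoted = ", ".join('"' + doc_id + '"' for doc_id in ids)
    return f"{ID_FIELD} in [{quoted}]"


# Allow-list: the only shape of ID this store accepts.  Quotes, backslashes,
# whitespace, brackets and operators cannot appear, so nothing an attacker
# supplies can ever be read as part of the expression.
_ID_RE = re.compile(r"[A-Za-z0-9_.:-]{1,128}")


class InvalidDocumentId(ValueError):
    """Raised when an ID does not match the allow-list."""


def is_valid_document_id(doc_id) -> bool:
    return isinstance(doc_id, str) and _ID_RE.fullmatch(doc_id) is not None


def build_delete_filter_safe(ids: List[str]) -> str:
    """Hardened pattern: validate every ID against the allow-list first."""
    if not ids:
        raise InvalidDocumentId("empty id list")
    bad = [doc_id for doc_id in ids if not is_valid_document_id(doc_id)]
    if bad:
        raise InvalidDocumentId(f"rejected document id(s): {bad!r}")
    quoted = ", ".join(f'"{doc_id}"' for doc_id in ids)
    return f"{ID_FIELD} in [{quoted}]"


# Constructed attacker-controlled ID.  In the unsafe builder it closes the
# in-list and appends  or doc_id != ""  so the filter matches every row whose
# doc_id is non-empty; the trailing  or doc_id in ["  absorbs the closing  "]
# that the template appends, keeping the expression well-formed.
MALICIOUS_ID = 'x"] or doc_id != "" or doc_id in ["'


if __name__ == "__main__":
    print(build_delete_filter_unsafe(["a1", MALICIOUS_ID]))
    try:
        build_delete_filter_safe(["a1", MALICIOUS_ID])
    except InvalidDocumentId as exc:
        print("hardened builder:", exc)
```

The hardened builder validates rather than escapes: escaping rules for a filter language tend to drift between client and server versions, whereas an allow-list of ID characters makes quote or operator injection impossible by construction. A delete that widens from a handful of IDs to every non-empty row is exactly the outcome to test for when reviewing any code that builds such expressions from caller input.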
Positive Technologies
added 2026/03/27 12:00 a.m. · 1 view

PT-2026-28325

Name of the vulnerable software and affected versions: Spring AI versions 1.0.0 through 1.0.4; Spring AI versions 1.1.0 through 1.1.3. Description: Spring AI's spring-ai-bedrock-converse component has a Server-Side Request Forgery (SSRF) issue within the BedrockProxyChatModel. This occurs when handling...

CVSS 8.6 · AI score 5.9 · EPSS 0.00085
Exploits: 0 · References: 11
IBM Security Bulletins
added 2025/11/20 2:30 p.m. · 4 views

Security Bulletin: Astronomer with IBM is vulnerable to event thread locking due to the starlette package (CVE-2025-54121)

Summary: Starlette is used by Astronomer with IBM as part of the request processing functionality. Vulnerability details: CVEID: CVE-2025-54121. DESCRIPTION: Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In...

CVSS 5.3 · AI score 6 · EPSS 0.0025
Exploits: 0 · Affected software: 1
IBM Security Bulletins
added 2025/11/20 2:27 p.m. · 4 views

Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)

Summary: Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability details: CVEID: CVE-2025-4563. DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...

CVSS 2.7 · AI score 7.6 · EPSS 0.00112
Exploits: 0 · Affected software: 1
IBM Security Bulletins
added 2025/11/20 2:26 p.m. · 2 views

Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled redirects due to the urllib3 package (CVE-2025-50181, CVE-2025-50182)

Summary: urllib3 is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability details: CVEID: CVE-2025-50181. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a...

CVSS 6.1 · AI score 6 · EPSS 0.00079
Exploits: 1 · Affected software: 1
IBM Security Bulletins
added 2025/11/20 2:24 p.m. · 2 views

Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)

Summary: tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability details: CVEID: CVE-2025-48387. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...

CVSS 8.7 · AI score 5.7 · EPSS 0.01003
Exploits: 0 · Affected software: 1
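Added example covering the two path-containment entries in this listing: the IBM Optim arbitrary file read via path traversal (CVE-2026-3366) and the tar-fs issue where an extract can write outside the specified directory (CVE-2025-48387). It is not code from either project. One resolve-and-check helper backs both a file-read handler and a tar extractor that refuses any member whose final path would leave the destination, including members that would write through a symlink planted earlier in the archive. The archive is constructed in memory; helper names and archive contents are assumptions made here.

```python
"""Path containment for a file-read handler and for tar extraction.

Constructed example for this listing, not code from IBM Optim or tar-fs.
Names (resolve_within, read_user_file, safe_extract, build_sample_tar) and
the archive contents are assumptions made here.
"""
import io
import os
import tarfile
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Raised when an untrusted path would land outside its base directory."""


def resolve_within(base: str, untrusted: str) -> Path:
    """Join `untrusted` onto `base` and prove the result stays inside `base`.

    resolve() normalises '..' lexically and follows any symlink that already
    exists on disk, so both 'docs/../../x' and a pre-planted link pointing
    outside are caught.  Absolute names are rejected outright rather than
    silently relocated under base.
    """
    if os.path.isabs(untrusted) or untrusted.startswith(("/", "\\")):
        raise PathEscape(untrusted)
    root = Path(base).resolve()
    candidate = (root / untrusted).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathEscape(untrusted)
    return candidate


def read_user_file(base: str, requested: str) -> bytes:
    """File-read handler: serves only files that resolve inside `base`."""
    return resolve_within(base, requested).read_bytes()


def build_sample_tar() -> bytes:
    """Constructed in-memory archive mixing benign and hostile member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", kind=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.type = kind
            info.size = len(data)
            info.linkname = linkname
            tar.addfile(info, io.BytesIO(data) if kind == tarfile.REGTYPE else None)

        add("docs/readme.txt", b"hello\n")                    # benign
        add("../../outside.txt", b"escaped\n")                # '..' traversal
        add("/etc/absolute.txt", b"abs\n")                    # absolute name
        add("link", kind=tarfile.SYMTYPE, linkname="../../")  # link out of dest
        add("link/via-symlink.txt", b"x\n")                   # write through it
    return buf.getvalue()


def safe_extract(tar_bytes: bytes, dest: str):
    """Extract only regular files and directories whose final path stays in dest.

    Symlinks and hard links are rejected: extracting a link and then a file
    'through' it is the usual way to defeat a purely lexical '..' check.
    Returns (extracted_names, rejected_names) in archive order.
    """
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not (member.isfile() or member.isdir()):
                rejected.append(member.name)
                continue
            try:
                target = resolve_within(dest, member.name)
            except PathEscape:
                rejected.append(member.name)
                continue
            if member.isdir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tar.extractfile(member).read())
            extracted.append(member.name)
    return extracted, rejected


def demo() -> dict:
    """Extract the constructed archive into a scratch dir, then exercise the
    file-read handler with a benign and a traversing request."""
    with tempfile.TemporaryDirectory() as dest:
        extracted, rejected = safe_extract(build_sample_tar(), dest)
        served = read_user_file(dest, "docs/readme.txt")
        try:
            read_user_file(dest, "docs/../../../outside.txt")
            traversal_blocked = False
        except PathEscape:
            traversal_blocked = True
    return {"extracted": extracted, "rejected": rejected,
            "served": served, "traversal_blocked": traversal_blocked}


if __name__ == "__main__":
    print(demo())
```

The check is done on the fully resolved path, not on the string: a lexical "does it contain ../" test misses absolute names, repeated separators and symlinks that already exist on disk, while comparing the resolved candidate against the resolved base covers all three.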
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2005-0463

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00297
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 5:22 a.m. · 3 views

CVE-2023-34054

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

CVSS 7.5 · AI score 6.7 · EPSS 0.0017
Exploits: 0 · References: 1
IBM Security Bulletins
added 2024/07/09 2:34 p.m. · 22 views

Security Bulletin: Vulnerabilities in Java affect IBM Voice Gateway

Summary: Security vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability details: CVEID: CVE-2024-21094. DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact,...

CVSS 7.5 · AI score 5.2 · EPSS 0.00417
Exploits: 0 · Affected software: 1
Tenable Nessus
added 2024/05/31 12:00 a.m. · 26 views

nginx 1.1.x < 1.1.19 / 1.0.x < 1.0.15 A Buffer Overflow Vulnerability

According to its Server response header, the installed version of nginx is 1.0.x prior to 1.0.15 or 1.1.x prior to 1.1.19. It is, therefore, affected by the following issue: - Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through...

CVSS 6.8 · AI score 6.3 · EPSS 0.05317
Exploits: 1 · References: 4
Tenable Nessus
added 2024/02/09 12:00 a.m. · 42 views

ClamAV 0.104.x, 0.105.x, 1.0.0 < 1.0.4, 1.1.x, 1.2.0 < 1.2.1 RCE

The ClamAV reported version is 0.104.x, 0.105.x, 1.0.x < 1.0.4, 1.1.x or 1.2.x < 1.2.1. It is, therefore, affected by a vulnerability in the "VirusEvent" feature, where an attacker could manipulate the '%f' format string parameter to inject malicious commands. Note that Nessus has not tested for...

CVSS 5.3 · AI score 6.3 · EPSS 0.00313
Exploits: 0 · References: 3
CNNVD
added 2023/11/15 12:00 a.m. · 3 views

VMware Reactor Netty Path Traversal Vulnerability

Reactor Netty, from the US company VMware, provides non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC clients and servers based on the Netty framework. A security vulnerability exists in VMware Reactor Netty versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39, which originate...

CVSS 7.5 · AI score 6.7 · EPSS 0.01477
Exploits: 0 · References: 3
Tenable Nessus
added 2023/09/29 12:00 a.m. · 6 views

Apache Subversion Client SEoL (<= 1.0.x)

According to its version, Apache Subversion Client is less than or equal to 1.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security...

AI score 5.5
Exploits: 0 · References: 2
SUSE CVE
added 2023/02/15 6:08 a.m. · 0 views

SUSE CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field t...

CVSS 6.8 · AI score 7.6 · EPSS 0.19705
Exploits: 6 · References: 4
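Added example modelled on the description of CVE-2008-1218 above. It is a constructed toy, not Dovecot's code: a TAB-delimited authentication request is built from client-supplied credentials, and a back end that honours a skip_password_check=y field parsed from the same line can be made to skip the check by a password containing a TAB. The hardened builder refuses delimiter and control characters before the line is assembled. The record format, field names and helper names are assumptions made here.

```python
"""Delimiter injection in a TAB-separated auth protocol.

Constructed toy for this listing, modelled on the CVE-2008-1218 entry; it is
not Dovecot's code.  The field names, the record format and the helper names
are assumptions made here.
"""
import hashlib
import hmac

FIELD_SEP = "\t"
CONTROL_CHARS = {"\t", "\n", "\r", "\0"}


def _digest(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed credential store: one user, one password.
STORED = {"alice": _digest("correct horse")}


def parse_fields(line: str) -> dict:
    """Split a request line into key=value fields on the delimiter.

    A TAB inside a value is indistinguishable from a field boundary, so any
    value that reaches this point unchecked can add fields of its own.
    """
    fields = {}
    for token in line.split(FIELD_SEP):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def build_request_unsafe(user: str, password: str) -> str:
    """Vulnerable: client-supplied strings are spliced into the delimited line."""
    return FIELD_SEP.join([f"user={user}", f"password={password}"])


def has_control_chars(value: str) -> bool:
    return any(ch in CONTROL_CHARS for ch in value)


def build_request_safe(user: str, password: str) -> str:
    """Hardened: refuse anything that could be read back as a field boundary."""
    if has_control_chars(user) or has_control_chars(password):
        raise ValueError("credential contains a delimiter or control character")
    return build_request_unsafe(user, password)


def authenticate(line: str) -> bool:
    """Back end.  skip_password_check=y is meant to be set only by the
    password database; because it is parsed from the same line the client's
    password travelled on, a TAB in the password lets the client set it."""
    fields = parse_fields(line)
    user = fields.get("user")
    if user not in STORED:
        return False
    if fields.get("skip_password_check") == "y":
        return True
    return hmac.compare_digest(_digest(fields.get("password", "")), STORED[user])


def attempt(user: str, password: str, hardened: bool) -> str:
    """Run one login through either builder: 'allowed', 'denied' or 'rejected'."""
    try:
        build = build_request_safe if hardened else build_request_unsafe
        line = build(user, password)
    except ValueError:
        return "rejected"
    return "allowed" if authenticate(line) else "denied"


# Constructed bypass: a wrong password followed by an injected field.
BYPASS = "nope" + FIELD_SEP + "skip_password_check=y"


if __name__ == "__main__":
    print("unsafe, bypass :", attempt("alice", BYPASS, hardened=False))
    print("safe,   bypass :", attempt("alice", BYPASS, hardened=True))
```

The structural fix is to keep trusted fields (what the password database returns) on a separate channel from client input, or to encode client values so they cannot contain the delimiter; rejecting control characters at the boundary is the minimal check when the wire format cannot be changed.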
Github Security Blog
added 2022/05/14 3:07 a.m. · 18 views

Ember.js Cross-site Scripting vulnerability

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...

CVSS 5.4 · AI score 5.1 · EPSS 0.00203
Exploits: 0 · References: 4 · Affected software: 1
OSV
added 2022/05/14 2:21 a.m. · 9 views

GHSA-RCX6-7JP6-PQF2 ember-source Cross-site Scripting vulnerability

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the group helper and a crafted payload...

CVSS 5.4 · AI score 5.4 · EPSS 0.00301
Exploits: 0 · References: 7
OSV
added 2022/05/05 5:15 p.m. · 1 view

CVE-2022-25990

On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.3 · AI score 5.8 · EPSS 0.00226
Exploits: 0 · References: 1
Prion
added 2020/04/08 2:15 p.m. · 9 views

Authorization

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334...

CVSS 4.3 · AI score 4.2 · EPSS 0.00147
Exploits: 0 · References: 2 · Affected software: 1