6 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)
Summary IBM Watson Speech Services Cartridge is vulnerable to a condition in net/url that allows incorrect parse function values other than IPv6 addresses to be included in square brackets within the host component of a URL CVE-2025-47912, Net/url is used in our speech-utilities. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)
Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...