Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:41 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...

5.8CVSS7.3AI score0.00282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:16 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...

8.1CVSS7.3AI score0.00487EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:56 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

9.1CVSS5.6AI score0.00318EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:11 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)

Summary IBM Watson Speech Services Cartridge is vulnerable to a condition in net/url that allows incorrect parse function values other than IPv6 addresses to be included in square brackets within the host component of a URL CVE-2025-47912, Net/url is used in our speech-utilities. This...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:9 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)

Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...

6.5CVSS6.7AI score0.00643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:50 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS6.6AI score0.00626EPSS
Exploits0Affected Software1
Rows per page
Query Builder