CVE-2026-25340

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

CVE-2026-25340 WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

CVE-2026-27603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:projectid/chart/:chartid/filter is missing both verifyToken and checkPermissions middleware, allowing...

CVE-2026-27603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:projectid/chart/:chartid/filter is missing both verifyToken and checkPermissions middleware, allowing...

CVE-2026-27605

CVE-2026-27605 affects Chartbrew before 4.8.4. The app allowed uploading logos without validating file type/content, trusting user-provided extensions and saving files to uploads/ for static serving. An attacker could upload an HTML file with malicious JavaScript, and since authentication tokens ...

PT-2026-23639

Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.4 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the chart filter endpoint, ''/project/:project id/chart/:chart id/filter'', lacks both...

PT-2026-23640

Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.4 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the application does not validate file types or content when uploading files, such as...

Security Bulletin: IBM watsonx Orchestrate with watsonx Assistant Cartridge is vulnerable to HTTP Request Smuggling due to aiohttp

Summary aiohttp is used by IBM watsonx Orchestrate with watsonx Assistant Cartridge as a part of wxo-server-server image Vulnerability Details IBM X-Force ID: 275957 DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sendin...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

EUVD-2008-2904

Malware in sbrugna...

EUVD-2021-11631

Malware in sbrugna...

EUVD-2023-49502

Malicious code in bioql PyPI...

EUVD-2025-9871

Malicious code in bioql PyPI...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in llama_index-0.12.29-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of llamaindex-0.12.29-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1793 DESCRIPTION: Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabiliti...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

CVE-2025-0165

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-0165

CVE-2025-0165 affects IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, with vulnerable versions 4.8.4–5.2.0. The flaw is a SQL injection in the cartridge that could let an attacker view, add, modify, or delete data in the backend database. IBM/ PT security notes and ENISA entries con...

CVE-2025-0165 IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...