10 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-33155 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52980 DESCRIPTION: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cau...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
@andesite-lab/andesite-core (=1.60.2), @bechara/crux (>=6.0.0 <=6.6.2) +137 more potentially affected by CVE-2025-32442 via fastify (>=5.0.0 <=5.3.1)
fastify NPM version =5.0.0, =6.0.0, =0.2.305, =1.0.6, =1.0.11, =1.9.4, =2.0.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.8.3 - @citrineos/ocpi-base =2.0.1 - @citrineos/ocpi-cdrs =2.0.1 and more Source cves: CVE-2025-32442 Source advisory: OSV:GHSA-MG2H-6X62-WPWC...