205 matches found
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is a...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is a...
Security Bulletin: Vulnerabilities in Formidable affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Formidable has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION:...
Security Bulletin: Vulnerabilities in Apache Commons Lang affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Apache Commons Lang has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48924...
Security Bulletin: Vulnerabilities in juliangruber affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in juliangruber has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is a...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is a...
Security Bulletin: Vulnerabilities in Axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...
CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...
CVE-2026-21896
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
CVE-2023-49180
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ternstyle LLC Automatic Youtube Video Posts Plugin allows Stored XSS.This issue affects Automatic Youtube Video Posts Plugin: from n/a through 5.2.2...
GHSA-4J78-4XRM-CR2F Kirby is missing permission checks in the content changes API
TL;DR This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. If developers haven't configured any user...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the content changes API when permission checks are not properly enforced. An attacker can modify site content by sending unauthorized write requests. Note: This is only exploitable if user permissions have be...
CVE-2026-21896
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
CVE-2026-21896 Kirby is missing permission checks in the content changes API
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
CVE-2026-21896 Kirby is missing permission checks in the content changes API
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by...
PT-2026-2126
Name of the Vulnerable Software and Affected Versions Kirby versions 5.0.0 through 5.2.1 Description Kirby is an open-source content management system. Versions 5.0.0 through 5.2.1 are missing permission checks in the content changes API. This affects Kirby sites where user permissions are...