205 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in protobuf [CVE-2025-47273]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in Chuck-protobuf, due to a flaw in setuptoolsPackageIndex CVE-2025-47273. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled recursion due to the Apache Commons Lang package (CVE-2025-48924)
Summary Apache Commons Lang is used by DataStage on Cloud Pak for Data as part of API processing functionality. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
EUVD-2021-11383
Malware in sbrugna...
EUVD-2004-0050
Malware in sbrugna...
EUVD-2019-3009
Malware in sbrugna...
EUVD-2022-44075
Malicious code in bioql PyPI...
EUVD-2022-7113
Malicious code in bioql PyPI...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge contains a vulnerable version of requests-2.32.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties f...
CVE-2025-58266
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...
WordPress Widget Options - Extended plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Widget Options - Extended plugin = 5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Widget Options - Extended versions = 5.2.1...
CVE-2025-58266 WordPress Gianism plugin <= 6.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...
PowerDNS Recursor 安全漏洞
PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 5.0.10, 5.1.4, and 5.2.2 and above, which stems from the fact that spoofing attempts for ECS-enabled queries have a higher chance of...
OPENSUSE-SU-2025:15267-1 python311-Django-5.2.2-1.1 on GA media
These are all security issues fixed in the python311-Django-5.2.2-1.1 package on the GA media of openSUSE Tumbleweed...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the RedirectSlashes function. An attacker can redirect users to arbitrary external sites by manipulating the Host header in HTTP requests. Remediation Upgrade github.com/go-chi/chi/v5/middleware to version 5.2.2 or...
OESA-2025-1642 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 Content Management System.CWE is classifying the issue as CWE-117. The product does n...
Django 安全漏洞
Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 5.2.2, prior to 5.1.10, and prio...
CVE-2023-46502
An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...
CVE-2020-35659
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page...
CVE-2025-32928
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through = 5.2.2...
CVE-2025-32928
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2...