Lucene search
+L

205 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:3 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in protobuf [CVE-2025-47273]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in Chuck-protobuf, due to a flaw in setuptoolsPackageIndex CVE-2025-47273. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

8.8CVSS7.8AI score0.01454EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 6:25 p.m.4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled recursion due to the Apache Commons Lang package (CVE-2025-48924)

Summary Apache Commons Lang is used by DataStage on Cloud Pak for Data as part of API processing functionality. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-11383

Malware in sbrugna...

5.4CVSS5.6AI score0.00577EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2004-0050

Malware in sbrugna...

5CVSS6.4AI score0.01388EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-3009

Malware in sbrugna...

4.9CVSS5.3AI score0.01367EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-44075

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00413EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7113

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.02422EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 6:29 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of requests-2.32.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties f...

5.3CVSS6.6AI score0.00845EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.4 views

CVE-2025-58266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...

5.9CVSS5.9AI score0.00205EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 10:17 p.m.8 views

WordPress Widget Options - Extended plugin <= 5.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress Widget Options - Extended plugin = 5.2.1 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Widget Options - Extended versions = 5.2.1...

6.4CVSS5.6AI score0.00185EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/22 6:23 p.m.1 views

CVE-2025-58266 WordPress Gianism plugin <= 6.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through = 6.0.0...

5.9CVSS5.9AI score0.00205EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.6 views

PowerDNS Recursor 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 5.0.10, 5.1.4, and 5.2.2 and above, which stems from the fact that spoofing attempts for ECS-enabled queries have a higher chance of...

7.5CVSS6.1AI score0.00229EPSS
Exploits0References3
OSV
OSV
added 2025/07/03 12:0 a.m.3 views

OPENSUSE-SU-2025:15267-1 python311-Django-5.2.2-1.1 on GA media

These are all security issues fixed in the python311-Django-5.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

5.3CVSS5.8AI score0.00629EPSS
Exploits0References1
Snyk
Snyk
added 2025/06/20 4:37 p.m.3 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the RedirectSlashes function. An attacker can redirect users to arbitrary external sites by manipulating the Host header in HTTP requests. Remediation Upgrade github.com/go-chi/chi/v5/middleware to version 5.2.2 or...

5.4CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2025/06/20 1:26 p.m.3 views

OESA-2025-1642 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 Content Management System.CWE is classifying the issue as CWE-117. The product does n...

5.3CVSS6.5AI score0.00629EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.6 views

Django 安全漏洞

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 5.2.2, prior to 5.1.10, and prio...

5.3CVSS7.7AI score0.00629EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 3:58 a.m.9 views

CVE-2023-46502

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory...

9.8CVSS7AI score0.00721EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.12 views

CVE-2020-35659

The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page...

6.1CVSS6.8AI score0.00941EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/21 8:23 p.m.9 views

CVE-2025-32928

Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through = 5.2.2...

9.8CVSS7.2AI score0.00396EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 8:15 p.m.10 views

CVE-2025-32928

Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2...

9.8CVSS5.8AI score0.00396EPSS
Exploits0References1
Rows per page
Query Builder