47 matches found
CVE-2025-64152
CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...
CVE-2026-3340
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2026-39356
Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...
ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-ai (>=0.6.0 <=0.8.7) +115 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.0.0-M5 <=1.0.6)
org.springframework.ai:spring-ai-openai MAVEN version =1.0.0-M5, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - app.valuationcontrol:library =0.5.9 - com.alibaba.cloud.ai:spring-ai-alibaba-agent-nacos =1.0.0.4 -...
PT-2026-36307
Name of the Vulnerable Software and Affected Versions OpenStack ironic-python-agent versions 1.0.0 through 11.5.0 Description Ironic Python Agent IPA may execute the grub-install function from within a chroot of the deployed partition image. This behavior can lead to arbitrary code execution if a...
CVE-2026-26204
Wazuh versions 1.0.0–4.14.3 are affected by a heap-based out-of-bounds write in GetAlertData that writes a NULL byte 1 byte before the start of the buffer allocated by strdup, due to an unsigned underflow. This corrupts heap metadata and can allow a compromised agent to cause denial of service or...
PT-2026-28119
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
EUVD-2026-10310
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
CVE-2026-24713
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...
01os (>=0.0.1 <=0.0.14), aaf (>=0.3.5 <=0.3.9) +598 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.80.11)
litellm PYPI version =1.0.0, =0.0.1, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.4.1, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15170825...
Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)
Summary Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)
Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...
PYSEC-2025-88
Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.Users are recommended to upgrade to version 2.0.5, which fixes the issue...
PYSEC-2025-88
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the issue...
CVE-2025-58032
Cross-Site Request Forgery CSRF vulnerability in Bytes.co WP Compiler wp-compiler allows Cross Site Request Forgery.This issue affects WP Compiler: from n/a through = 1.0.0...
Linux Distros Unpatched Vulnerability : CVE-2022-44789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logical issue in OgetOwnPropertyDescriptor in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory...
Security Bulletin: Vulnerability Malicious File Upload affects IBM Integrated Analytics System
Summary The file upload functionality in IIAS has been enhanced to enforce stricter validation across all supported file types. Extension check were implemented to ensure uploaded files match their expected format and content. This prevents the upload of malicious or improperly formatted files an...
CVE-2025-52775
Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Project Cost Calculator: from n/a through = 1.0.0...
Security Bulletin: IBM Event Processing is vulnerable to Improper Authentication
Summary IBM Event Processing's backend contains a version of JDBC driver that may allow unwanted connections. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with...
CVE-2025-54882
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...