Lucene search
+L

41 matches found

attackerkb
attackerkb
added 2026/06/23 8:59 p.m.7 views

CVE-2026-41862

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS6.5AI score0.00423EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2026/06/18 7:15 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Cryptography [CVE-2026-34073] [CVE-2026-39892]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation and Improper Restriction of Operations within the Bounds of a Memory Buffer in Cryptography CVE-2026-34073 CVE-2026-39892. Cryptography is used in our speech runtimes. This vulnerabilitiy has been...

9.8CVSS5.6AI score0.00652EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/05/21 3:23 p.m.11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in LangChain [CVE-2026-34070]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in LangChain, due to multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection...

7.5CVSS6.1AI score0.01204EPSS
Exploits2Affected Software1
ibm
ibm
added 2026/05/21 3:0 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

8.7CVSS5.8AI score0.00593EPSS
Exploits1Affected Software1
vulnersosv
vulnersosv
added 2026/05/07 12:6 a.m.6 views

be.appify.prefab:prefab-sns-sqs (>=0.4.0 <=0.7.1), be.appify.prefab:prefab-test (>=0.4.0 <=0.7.1) +8 more potentially affected by CVE-2026-44308 via io.awspring.cloud:spring-cloud-aws-sns (>=4.0.0-M1 <=4.0.1)

io.awspring.cloud:spring-cloud-aws-sns MAVEN version =4.0.0-M1, =0.4.0, =0.4.0, =4.0.0, =4.0.0, =4.0.0, =2.1.0, =1.3.0, =7.0.0, =7.0.0, =7.3.1 Source cves: CVE-2026-44308 Source advisory: SNYK:JAVA-IOAWSPRINGCLOUD-16799818...

6.3CVSS5.4AI score0.00179EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/06 12:0 a.m.9 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-41002 Source advisory:...

8.1CVSS5.7AI score0.0022EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/28 12:31 a.m.7 views

com.devskiller.friendly-id:friendly-id-openfeign (>=2.0.0-alpha3 <=2.0.0-beta5), io.github.bluetape4k:bluetape4k-spring-boot4-cassandra (>=1.5.0 <=1.7.0) +18 more potentially affected by CVE-2026-40975 via org.springframework.boot:spring-boot-cassandra (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot-cassandra MAVEN version =4.0.0, =2.0.0-alpha3, =1.5.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.5 - org.springframework.boot:spring-boot-starter-data-cassan...

8.2CVSS5.8AI score0.00312EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/27 12:30 a.m.11 views

cc.allio.uno:uno-data-db (>=1.1.9 <=1.2.1), cc.allio.uno:uno-test (>=1.1.9 <=1.2.1) +210 more potentially affected by CVE-2026-7045 via com.baomidou:dynamic-datasource-spring (>=4.0.0-B1 <=4.5.0)

com.baomidou:dynamic-datasource-spring MAVEN version =4.0.0-B1, =1.1.9, =1.1.9, =2024.1.1.0, =2023.5.1.0, =2022.5.0.0, =2022.4.1.0, =1.0.0-JDK21, =1.0.0-JDK21, =5.2.4, =4.0.0, =4.0.0, =4.5.0 and more Source cves: CVE-2026-7045 Source advisory: OSV:GHSA-6RMM-PG23-5F8Q...

6.5CVSS6.5AI score0.00237EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/23 12:0 a.m.6 views

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-rag-elasticsearch (=2.0.0-M1.1), com.alibaba.cloud.ai:spring-ai-alibaba-rag (=2.0.0-M1.1) +43 more potentially affected by CVE-2026-40970 via org.springframework.boot:spring-boot-elasticsearch (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-elasticsearch MAVEN version =4.0.0-M1, =2.0.0-alpha3, =1.2.1, =0.1.0, =2025.12, =2026.04 - io.github.vsvyatski:content-fs-spring-boot-starter =4.0.0 - io.github.vsvyatski:content-jpa-spring-boot-starter =4.0.0 -...

6.8CVSS5.7AI score0.00136EPSS
Exploits0
ibm
ibm
added 2026/04/14 4:50 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS6.6AI score0.00626EPSS
Exploits0Affected Software1
vulnersosv
vulnersosv
added 2026/03/23 12:0 a.m.7 views

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.06.01 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-22739 Source advisory:...

8.6CVSS7.2AI score0.0122EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/02/26 6:18 a.m.9 views

5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +4163 more potentially affected by CVE-2026-27942 via fast-xml-parser (>=4.0.0-beta.2 <=4.5.3)

fast-xml-parser NPM version =4.0.0-beta.2, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-27942 Source advisory: SNYK:JS-FASTXMLPARSER-15353391...

7.5CVSS7.2AI score0.00478EPSS
Exploits0
cvelist
cvelist
added 2026/02/03 6:5 p.m.34 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS0.00304EPSS
Exploits1References4
nvd
nvd
added 2025/12/22 10:16 p.m.13 views

CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

5.3CVSS0.00252EPSS
Exploits0References2
nvd
nvd
added 2025/12/11 8:15 p.m.8 views

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.8CVSS0.00318EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2025/12/11 3:30 p.m.10 views

dev.macula.boot:macula-boot-starter-powerjob (=5.0.0-RC2), io.github.dudiao:powerjob-remote-smart-http (>=0.0.3 <=0.0.4) +59 more potentially affected by CVE-2025-14518 via tech.powerjob:powerjob-common (>=4.0.0 <=5.1.2)

tech.powerjob:powerjob-common MAVEN version =4.0.0, =0.0.3, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.6.1 and more Source cves: CVE-2025-14518 Source advisory: OSV:GHSA-8XQM-6FJ2-HFGF...

9.8CVSS6.5AI score0.00323EPSS
Exploits3
redhatcve
redhatcve
added 2025/12/11 12:58 a.m.13 views

CVE-2025-67507

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect...

8.1CVSS6.7AI score0.00312EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/11/17 12:0 a.m.13 views

PT-2025-47141

Name of the Vulnerable Software and Affected Versions Mendix RichText versions 4.0.0 through 4.6.0 Description The Mendix RichText widget does not properly neutralize input, which could allow an attacker to execute cross-site scripting attacks. Recommendations Update to version 4.6.1 or later...

6.8CVSS6.2AI score0.00231EPSS
Exploits0References5
ibm
ibm
added 2025/10/31 6:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-5197]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an exploitable issue in the converttfweightnametoptweightname function CVE-2025-5197. Huggingface/transformers is used in our speech service runtimes. This vulnerabilitiy has been...

5.3CVSS6.6AI score0.00391EPSS
Exploits1Affected Software1
vulnersosv
vulnersosv
added 2025/10/29 10:43 a.m.7 views

@chirpy-dev/analytics (=0.0.1), @chirpy-dev/ui (=0.0.1) +40 more potentially affected by unknown CVE via next-auth (>=4.0.0-beta.6 <=4.24.11)

next-auth NPM version =4.0.0-beta.6, =1.9.0, =0.1.0-0, =0.0.2, =1.0.0, =1.0.0, =4.0.0-alpha.24, =0.0.0-experimental-20260318092212, =0.0.0-experimental-20260318092212, =0.6.1, =0.0.0-0d361a26c, =1.11.1-ee257e05.17 and more Source cves: unknown CVE Source advisory: SNYK:JS-NEXTAUTH-13744118...

5.5AI score
Exploits0
Rows per page
Query Builder