PT-2025-51282

Name of the Vulnerable Software and Affected Versions IBM UrbanCode Deploy versions 7.1 through 7.1.2.27 IBM UrbanCode Deploy versions 7.2 through 7.2.3.20 IBM UrbanCode Deploy versions 7.3 through 7.3.2.15 IBM DevOps Deploy versions 8.0 through 8.0.1.10 IBM DevOps Deploy versions 8.1 through...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by multiple Apache Tomcat vulnerabilities (CVE-2025-55752, CVE-2025-61795)

Summary Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCDas part of the user web interface and API. CVE-2025-55752, CVE-2025-61795 Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a...

Security Bulletin: IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information (CVE-2025-13489)

Summary Certain versions of the IBM DevOps Deploy include a configuration file that does not enforce redirecting HTTP traffic to HTTPS as intended CVE-2025-13489 Vulnerability Details CVEID:CVE-2025-13489 DESCRIPTION: IBM DevOps Deploy transmits data in clear text that could allow an attacker to...

Security Bulletin: IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability (CVE-2025-14148)

Summary IBM DevOps Deploy could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. CVE-2025-14148 Vulnerability Details CVEID:CVE-2025-14148 DESCRIPTION: IBM DevOps Deploy could allow an authenticated user with LLM integration...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...

EUVD-2024-21055

Malicious code in bioql PyPI...

EUVD-2025-15132

Malicious code in bioql PyPI...

EUVD-2025-8494

Malicious code in bioql PyPI...

EUVD-2025-8284

Malicious code in bioql PyPI...

EUVD-2025-7995

Malicious code in bioql PyPI...

EUVD-2025-7994

Malicious code in bioql PyPI...

EUVD-2024-52326

Malicious code in bioql PyPI...

EUVD-2024-45784

Malicious code in bioql PyPI...

EUVD-2024-39431

Malicious code in bioql PyPI...

EUVD-2024-21056

Malicious code in bioql PyPI...

EUVD-2024-19895

Malicious code in bioql PyPI...

EUVD-2024-19919

Malicious code in bioql PyPI...

EUVD-2024-19920

Malicious code in bioql PyPI...

EUVD-2024-21053

Malicious code in bioql PyPI...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by an Uncontrolled Recursion Vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary Connect2id Nimbus JOSE + JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of integrating with OpenID Connect providers OIDC and is affected by an Uncontrolled Recursion Vulnerability. CVE-2025-53864. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id...