Lucene search
+L

140 matches found

ibm
ibm
added 2026/06/12 11:10 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-27139 DESCRIPTION: On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference ...

9.8CVSS7AI score0.02415EPSS
Exploits5Affected Software1
ibm
ibm
added 2026/06/12 11:1 a.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior...

9.3CVSS5.2AI score0.00808EPSS
Exploits4Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39312

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS5.5AI score0.0045EPSS
Exploits1References1
nvd
nvd
added 2026/04/07 5:16 p.m.10 views

CVE-2026-39312

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS0.0045EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/04/07 4:52 p.m.5 views

CVE-2026-39312 Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

7.5CVSS6AI score0.0045EPSS
Exploits1References1
cve
cve
added 2026/04/07 4:52 p.m.20 views

CVE-2026-39312

CVE-2026-39312 affects SoftEtherVPN Developer Edition 5.2.5188 and earlier. It is a pre-authentication denial-of-service where an unauthenticated remote attacker can crash the vpnserver by sending a malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions. The root c...

7.5CVSS6AI score0.0045EPSS
Exploits1References1Affected Software1
ibm
ibm
added 2026/04/07 7:8 a.m.19 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.7.0 Vulnerability Details CVEID:CVE-2025-14009 DESCRIPTION: A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in...

10CVSS7.7AI score0.03136EPSS
Exploits9Affected Software1
ibm
ibm
added 2026/01/30 10:5 a.m.13 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn

Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...

8.7CVSS5.9AI score0.00873EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/01/30 9:41 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to urllib3

Summary urllib3 is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiati...

6.1CVSS5.8AI score0.00409EPSS
Exploits1Affected Software1
ibm
ibm
added 2026/01/30 9:17 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...

5.9AI score
Exploits0Affected Software1
ibm
ibm
added 2026/01/30 9:14 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin

Summary github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watson...

5.9AI score
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/12/22 1:35 p.m.5 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS7.2AI score0.00278EPSS
Exploits0References1
euvd
euvd
added 2025/12/19 9:30 p.m.8 views

EUVD-2025-204604

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS6.7AI score0.00278EPSS
Exploits0References2
nvd
nvd
added 2025/12/19 8:15 p.m.6 views

CVE-2025-67712

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS0.00278EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/19 8:5 p.m.27 views

CVE-2025-67712 HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript...

4.7CVSS0.00278EPSS
Exploits0References1
cve
cve
added 2025/12/19 8:5 p.m.20 views

CVE-2025-67712

CVE-2025-67712 is an HTML injection issue affecting Esri ArcGIS Web AppBuilder developer edition before 2.30. The vulnerability could allow a remote, unauthenticated attacker to entice a user to click a link that causes arbitrary HTML to render in the victim’s browser; there is no evidence of Jav...

4.7CVSS6.8AI score0.00278EPSS
Exploits0References2
ibm
ibm
added 2025/12/17 10:49 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Prototype Pollution flaw due to lodash.clonedeep

Summary lodash.clonedeep is used by BM watsonx Orchestrate Developer Edition as part of images: agentic-task-manager, wxo-builder-ui, wxo-connections Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge,...

6.8CVSS6.5AI score0.01553EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/12/17 10:29 a.m.14 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss

Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...

5.3CVSS6.5AI score0.00822EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/12/17 10:25 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Inefficient Regular Expression Complexity due to nth-check

Summary nth-check is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS Source: IBM...

7.5CVSS6.6AI score0.02165EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/12/17 10:21 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...

7.5CVSS6.3AI score0.00738EPSS
Exploits0Affected Software1
Rows per page
Query Builder