Lucene search
K

105 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 12:39 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in tomcat-embed-core-9.0.115.jar

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in tomcat-embed-core-9.0.115.jar Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. Th...

9.1CVSS6.1AI score0.0504EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:30 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...

7.5CVSS5.4AI score0.0504EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:24 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service...

7.5CVSS5.3AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:44 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is...

9.8CVSS6.9AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:40 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz Vulnerability Details CVEID:CVE-2026-31808 DESCRIPTION: file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type...

5.3CVSS5.5AI score0.00325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:39 p.m.9 views

Security Bulletin:IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.7AI score0.00838EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:26 p.m.14 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not...

8.1CVSS5AI score0.00471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:24 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

8.6CVSS6.1AI score0.00408EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:22 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization...

6.1CVSS7.4AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:16 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.3AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:13 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

8.2CVSS6.2AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:11 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...

9.1CVSS5.4AI score0.00251EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:7 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writ...

9.3CVSS5.4AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:28 p.m.15 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...

7.5CVSS5.8AI score0.02591EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:18 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than...

9.8CVSS5.8AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:14 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not...

7.5CVSS5.8AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:10 p.m.15 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

8.2CVSS5.8AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:8 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:12 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-servic...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:9 p.m.13 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

7.5CVSS7.3AI score0.00486EPSS
Exploits0Affected Software1
Rows per page
Query Builder