105 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in tomcat-embed-core-9.0.115.jar
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in tomcat-embed-core-9.0.115.jar Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. Th...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-29146 DESCRIPTION: Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in postgresql-42.6.1.jar Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz Vulnerability Details CVEID:CVE-2026-31808 DESCRIPTION: file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type...
Security Bulletin:IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in path-to-regexp-0.1.12.tgz Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in flask-3.1.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.1.tgz Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-servic...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in follow-redirects-1.15.11.tgz Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...