Lucene search
K

48 matches found

Cvelist
Cvelist
added 2026/06/30 7:39 p.m.46 views

CVE-2026-12084 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:39 p.m.21 views

CVE-2026-12084

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by CVE-2026-12084 due to a permissive Cross-Domain Security Policy with untrusted domains in UCD versions 8.1–8.1.2.6 and 8.2–8.2.1.0. This CORS misconfiguration could allow an attacker to perform privileged actions and retrieve sensitive...

7.5CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:39 p.m.6 views

CVE-2026-12084

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/30 7:38 p.m.5 views

EUVD-2026-40391

IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attack...

6.5CVSS5.7AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:38 p.m.26 views

CVE-2026-12085

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) are affected by CVE-2026-12085, which allows authenticated users to view sensitive configurations and secrets in API responses. Affected versions include UCD 7.3 through 7.3.2.18 and IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8....

6.5CVSS5.7AI score0.00234EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.8 views

CVE-2025-13489

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS6.3AI score0.00167EPSS
Exploits0References1
NVD
NVD
added 2025/12/15 8:15 p.m.5 views

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5CVSS0.00165EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 7:51 p.m.5 views

CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.9AI score0.00167EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 7:51 p.m.25 views

CVE-2025-13489 IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00167EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/15 7:43 p.m.3 views

CVE-2025-14148 IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

6.5CVSS6.1AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 7:43 p.m.25 views

CVE-2025-14148 IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token...

6.5CVSS0.00263EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 8:42 p.m.6 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information (CVE-2025-13489)

Summary Certain versions of the IBM DevOps Deploy include a configuration file that does not enforce redirecting HTTP traffic to HTTPS as intended CVE-2025-13489 Vulnerability Details CVEID:CVE-2025-13489 DESCRIPTION: IBM DevOps Deploy transmits data in clear text that could allow an attacker to...

5.9CVSS6.2AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/12 8:42 p.m.7 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability (CVE-2025-14148)

Summary IBM DevOps Deploy could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. CVE-2025-14148 Vulnerability Details CVEID:CVE-2025-14148 DESCRIPTION: IBM DevOps Deploy could allow an authenticated user with LLM integration...

6.5CVSS6.5AI score0.00263EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/14 2:36 p.m.6 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...

7.5CVSS6.3AI score0.00631EPSS
Exploits2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-45784

Malicious code in bioql PyPI...

3.1CVSS6.6AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-52326

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-19895

Malicious code in bioql PyPI...

4.4CVSS5.1AI score0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19919

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00411EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19920

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8494

Malicious code in bioql PyPI...

5.5CVSS6.6AI score0.00163EPSS
Exploits0References2
Rows per page
Query Builder