Lucene search
+L

368 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:39 p.m.11 views

Security Bulletin:IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.7AI score0.00808EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:28 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

9.8CVSS6.8AI score0.01735EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 3:11 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...

9.1CVSS5.4AI score0.00251EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 2:59 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...

6.9CVSS5.4AI score0.00313EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 2:57 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...

6.3CVSS5.5AI score0.00351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:28 p.m.16 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...

7.5CVSS5.8AI score0.025EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:24 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...

9.9CVSS5.8AI score0.01161EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:10 p.m.16 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

8.2CVSS5.8AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:18 p.m.16 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain ...

9CVSS7AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:16 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...

9.9CVSS6.8AI score0.01815EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:14 p.m.30 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.14.2.jar Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints. This...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:42 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token wi...

7.5CVSS5.8AI score0.00248EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:16 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 7:14 p.m.17 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior t...

5.1CVSS5.7AI score0.00388EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 4:11 a.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 4:4 a.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file...

4.8CVSS5.3AI score0.00156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:28 p.m.14 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even whe...

6.3CVSS6.7AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 5:38 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-22702 DESCRIPTION: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

4.5CVSS5.3AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 10:39 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.110.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.110.jar Vulnerability Details CVEID:CVE-2025-66614 DESCRIPTION: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from...

9.1CVSS7.4AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 8:3 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution...

8.2CVSS6.6AI score0.00541EPSS
Exploits1Affected Software1
Rows per page
Query Builder