Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)

Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go (CVE-2025-61727)

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go, due to an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate CVE-2025-61727. Golang Go is used in our speech-utilities...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in NLTK [CVE-2026-0848]

Summary IBM Watson Speech Services Cartridge is vulnerable arbitrary code execution in NLTK, due to improper input validation in the StanfordSegmenter module CVE-2026-0848. NLTK is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow [CVE-2026-25990]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow, due to an issue that allows this condition to be triggered through the loading of a specially crafted PSD image CVE-2026-25990. Python Pillow is used in our speech service runtimes. This...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2026-22701]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, due to a TOCTOU race condition vulnerability that exists in the SoftFileLock implementation of the filelock package CVE-2026-22701. Filelock is used in our speech service...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug [CVE-2026-21860]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug, due to an Improper Handling of Windows Device Names CVE-2026-21860. Werkzeug is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...

EUVD-2022-5925

Malicious code in bioql PyPI...