Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in golang.org/x/net-v0.48.0

Summary IBM Watson Discovery Cartridge affected by vulnerability in golang.org/x/net-v0.48.0 Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain ...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.132.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.132.Final.jar Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-33155 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitra...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postcss-8.5.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in postcss-8.5.5.tgz Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5....

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-1669 DESCRIPTION: Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM po...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.129.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.129.Final.jar Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.129.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.129.Final.jar Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrect...