Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:3 p.m.8 views

Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)

Summary There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regula...

7.5CVSS6.1AI score0.00412EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6247

Name of the Vulnerable Software and Affected Versions themelooks Enter Addons versions prior to 2.3.3 Description A Cross-Site Request Forgery CSRF issue exists in themelooks Enter Addons. This allows attackers to perform actions on behalf of authenticated users without their knowledge. The issue...

4.3CVSS5.4AI score0.00098EPSS
Exploits0References3
Snyk
Snyk
added 2025/08/13 5:48 p.m.7 views

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the deserialization of untrusted data. An attacker can execute arbitrary code and tamper with data by providing specially crafted input th...

9.8CVSS7.8AI score0.00522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.9 views

PT-2025-32379

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.3.1 and below Description OpenBao is a software solution for managing, storing, and distributing sensitive data. In affected versions, accounts with access to highly-privileged identity entity systems in root namespaces coul...

8.3CVSS5.9AI score0.00288EPSS
Exploits0References57
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.7 views

PT-2023-7467

Name of the Vulnerable Software and Affected Versions Apache Airflow Drill Provider versions prior to 2.3.2 Description The issue is related to improper input validation in the Apache Airflow Drill Provider. This can allow a remote attacker to impact the confidentiality of protected information...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References20
Node.js
Node.js
added 2021/05/06 4:14 p.m.42 views

Improper Input Validation

Overview sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with...

5CVSS4.4AI score0.01754EPSS
Exploits1Affected Software1
Rows per page
Query Builder