16 matches found

IBM Security Bulletins
added 2026/05/21 3:11 p.m. · 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures (CVE-2026-30922). Pyasn1 is used in our speech runtimes. This vulnerability has been addressed. Please read the detail...

7.5 CVSS · 6.6 AI score · 0.00027 EPSS
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2026/05/21 2:46 p.m. · 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity (CVE-2026-4539). Pygments is used in our speech...

4.8 CVSS · 5.3 AI score · 0.00007 EPSS
Exploits 0 · Affected Software 1

Vulnrichment
added 2026/04/30 9:12 p.m. · 1 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2026/04/14 3:3 p.m. · 1 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]

Summary: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.external_data_helper.save_external_data in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions (CVE-2025-51480). Onnx is used in our speech service runtimes. This...

8.8 CVSS · 7.3 AI score · 0.00366 EPSS
Exploits 1 · Affected Software 1

NVD
added 2026/02/20 6:25 p.m. · 4 views

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

7.5 CVSS · 0.00177 EPSS
Exploits 1 · References 2

CNNVD
added 2026/02/20 12:0 a.m. · 4 views

openITCOCKPIT code issue vulnerability

openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization points in the Gearman worker implementation, which may lead to PHP object injection attacks...

7.5 CVSS · 5.9 AI score · 0.00177 EPSS
Exploits 1 · References 2

Vulnrichment
added 2026/01/16 8:38 p.m. · 3 views

CVE-2026-23643 CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

5.4 CVSS · 6.6 AI score · 0.00025 EPSS
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-3916

Malicious code in bioql PyPI...

5.4 CVSS · 8.9 AI score · 0.00122 EPSS
Exploits 0 · References 1

OSV
added 2025/06/03 9:15 a.m. · 2 views

CVE-2025-5116

The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 5.9 AI score
Exploits 0 · References 5

Positive Technologies
added 2025/04/09 12:0 a.m. · 3 views

PT-2025-15724 · Unknown · Youtube Embed

Name of the Vulnerable Software and Affected Versions: YouTube Embed versions n/a through 5.3.1. Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). Specifically, it is a Stored XSS vulnerability in the YouTube...

5.9 CVSS · 6.1 AI score · 0.00109 EPSS
Exploits 0 · References 3

CNNVD
added 2025/03/20 12:0 a.m. · 3 views

Invoke security vulnerability

Invoke is a leading creative engine for Stable Diffusion models, open-sourced by InvokeAI. A security vulnerability exists in Invoke versions 5.3.1 through 5.4.2, which stems from improper deserialization of model files and could lead to remote code execution...

9.8 CVSS · 9.6 AI score · 0.44157 EPSS
Exploits 5 · References 2

OSV
added 2024/08/26 9:15 p.m. · 1 views

CVE-2024-43265

Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.3.1...

3.5 CVSS · 5.8 AI score · 0.00115 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/10/19 12:0 a.m. · 3 views

PT-2023-29302 · WordPress · Auto Amazon Links

Name of the Vulnerable Software and Affected Versions: Auto Amazon Links plugin for WordPress versions up to, and including, 5.3.1. Description: The issue is related to Stored Cross-Site Scripting via the style parameter due to insufficient input sanitization and output escaping. This allows...

6.4 CVSS · 5.8 AI score · 0.00129 EPSS
Exploits 0 · References 6

CNNVD
added 2021/05/06 12:0 a.m. · 2 views

Emlog code issue vulnerability

emlog is a powerful blog and CMS builder based on PHP and MySQL. A remote code execution vulnerability exists in emlog versions 5.3.1, 6.0.0. The vulnerability stems from uploading a database backup file in admin/data.php. An attacker can exploit this vulnerability to achieve remote code executio...

9.8 CVSS · 6.7 AI score · 0.22778 EPSS
Exploits 1 · References 1

OSV
added 2018/09/05 9:29 p.m. · 1 views

CVE-2018-16144

The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancidpassword parameter...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 4

IBM Security Bulletins
added 2018/06/17 12:18 p.m. · 21 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2017-1504)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin:...

6.5 CVSS · 2.8 AI score · 0.00157 EPSS
Exploits 0 · Affected Software 1