The Hidden Security Risks of Poor Software Testing

Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release...

data-prep-toolkit-transforms (>=0.2.1.dev0 <=0.2.1.dev2), data-prep-toolkit-transforms-ray (>=0.2.1.dev0 <=0.2.1.dev2) +14 more potentially affected by CVE-2026-44023 via docling-core (>=1.7.2 <=2.74.0)

docling-core PYPI version =1.7.2, =0.2.1.dev0, =0.2.1.dev0, =1.0.0, =1.0.0, =0.19.2, =0.14.1, =0.4.0, =0.2.0, =0.0.1, =0.4.1 - resume-ats =0.1.0 - smart-pdf-for-business =1.0.0 and more Source cves: CVE-2026-44023 Source advisory: OSV:GHSA-JMMV-H3MP-59V8...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses fast-xml-parser-5.3.6.tgz, mlflow-3.9.0rc0-py3-none-any.whl, bcpkix-jdk18on-1.79.jar, pythonmultipart-0.0.24-py3-none-any.whl, bcprov-jdk18on-1.79.jar, spring-security-core-6.5.9.jar, spring-boot-autoconfigure-3.5.13.jar, spring-web-6.2.17.jar,...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.9.0rc0-py3-none-any.whl, bcprov-jdk18on-1.79.jar, mlflow-3.8.1-py3-none-any.whl and GitPython-3.1.44-py3-none-any.whl which are vulnerable to CVE-2026-0545, CVE-2025-14813, CVE-2026-0636, CVE-2026, CVE-2025-15031, CVE-2025-15036, CVE-2025, CVE-2026-42215,...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses qs-6.13.0.tgz, qs-6.14.0.tgz, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2025-15284, CVE-2026-2391, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information regardin...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +1147 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22751 Source advisory: OSV:GHSA-X2WQ-9X2F-FHJ7...

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT Component uses "lz4-java-1.8.0.jar, werkzeug-3.1.3-py3-none-any.whl, urllib3-2.3.0-py3-none-any.whl, urllib3-2.6.0-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl, pyasn1-0.6.1.tar.gz, github.com/opencontainers/runc v1.1.13,...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary BM Maximo Application Suite uses "github.com/opencontainers/runc v1.1.13, java 1.8.0391 , java17" which are vulnerable to "CVE-2025-31133, CVE-2025-52565,CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945,...

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary The IBM Maximo Application Suite AI-Service component uses"fonttools-4.44.3-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl, fonttools-4.55.3-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl, werkzeug-3.0.6-py3-none-any.whl, filelock-3.13.4-py3-none-any.whl,...

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source libraries, it becomes even more imperative to comprehend and...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

CVE-2025-12104

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12104 Incorrect Content-Type Header

Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

Bytecode-Centric Detection of Known-To-Be-Vulnerable Dependencies in Java Projects

On average, 71% of the code in typical Java projects comes from open-source software OSS dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a considerable security risk of adding known security vulnerabilities to...

An Empirical Study of Vulnerable Package Dependencies in LLM Repositories

Large language models LLMs have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and interconnected LLM dependency supply chain. Vulnerabilities ...

S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable links in critical software supply chains. These attacks...