Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)

Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...

Security Bulletin: Multiple Vulnerabilities affect IBM Watson Studio in Cloud Pak for Data.

Summary Multiple vulnerabilities have been addressed in IBM Watson Studio in Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the...

Security Bulletin: IBM Watson Studio for IBM Cloud Pak for Data is affected by vulnerability in path-to-regexp

Summary IBM Watson Studio for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

EUVD-2018-12261

Malware in sbrugna...

EUVD-2019-13942

Malware in sbrugna...

EUVD-2025-31132

Malicious code in bioql PyPI...

EUVD-2024-43398

Malicious code in bioql PyPI...

EUVD-2024-54928

Malicious code in bioql PyPI...

Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability

Summary Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI CVE-2025-33116 Vulnerability Details CVEID:CVE-2025-33116 DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...

CVE-2025-33116

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

IBM Watson Studio Cross-Site Scripting Vulnerability

IBM Watson Studio is a data science and machine learning platform from IBM, integrated into Cloud Pak for Data, for building, training and deploying AI models. A cross-site scripting vulnerability exists in IBM Watson Studio versions 4.0 through 5.2.0 that stems from not adequately filtering user...

CVE-2025-33116

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-33116

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-33116

IBM Watson Studio on Cloud Pak for Data versions 4.0–5.2.0 are affected by CVE-2025-33116, a cross-site scripting flaw caused by insufficient input filtering in the Web UI that could allow an authenticated user to inject arbitrary JavaScript and potentially disclose credentials in a trusted sessi...

CVE-2025-33116 IBM Watson Studio on Cloud Pak for Data cross-site scripting

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-33116 IBM Watson Studio on Cloud Pak for Data cross-site scripting

IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

IBM Watson Studio 跨站脚本漏洞

IBM Watson Studio is a data science and machine learning platform from IBM, integrated into Cloud Pak for Data, for building, training and deploying AI models. A cross-site scripting vulnerability exists in IBM Watson Studio versions 4.0 through 5.2.0 that stems from not adequately filtering user...

Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service

Summary Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration cou...

IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability

IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...