CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2026/04/16 5:54 p.m.•2 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allo...

IBM Security Bulletins•added 2026/04/16 12:23 p.m.•4 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a...

5.3CVSS5.7AI score0.00006EPSS

IBM Security Bulletins•added 2026/04/16 12:20 p.m.•2 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

IBM Security Bulletins•added 2026/04/15 11:7 a.m.•2 views

Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance

Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-22701 Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition...

5.3CVSS5.7AI score0.00006EPSS

IBM Security Bulletins•added 2026/04/14 2:57 p.m.•3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2026-22701]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, due to a TOCTOU race condition vulnerability that exists in the SoftFileLock implementation of the filelock package CVE-2026-22701. Filelock is used in our speech service...

5.3CVSS5.7AI score0.00006EPSS

IBM Security Bulletins•added 2026/04/14 2:56 p.m.•1 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2025-68146]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, caused by a Time-of-Check-Time-of-Use TOCTOU race condition that allows local attackers to corrupt or truncate arbitrary user files through symlink attacks CVE-2025-68146...

6.5CVSS7.3AI score0.00004EPSS

IBM Security Bulletins•added 2026/04/07 10:58 a.m.•2 views

Security Bulletin: TOCTOU Symlink Vulnerability in filelock, affects watsonx.data

Summary filelock versions prior to 3.20.1 are vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. Local attackers can exploit this via symlinks to corrupt or truncate arbitrary files during lock creation on Unix, Linux, macOS, and Windows. The issue is fixed in version 3.20.1; partia...

6.5CVSS7.3AI score0.00004EPSS

IBM Security Bulletins•added 2026/03/31 12:54 p.m.•3 views

Security Bulletin: Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701.

Summary Maximo AI Service uses werkzeug-3.1.4-py3-none-any.whl, filelock-3.20.1-py3-none-any.whl which is vulnerable to CVE-2026-21860 and CVE-2026-22701. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelo...

6.3CVSS5.8AI score0.00034EPSS

IBM Security Bulletins•added 2026/03/30 7:10 a.m.•4 views

Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701.

Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to...

5.3CVSS5.8AI score0.00006EPSS

IBM Security Bulletins•added 2026/03/23 2:6 p.m.•3 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

6.5CVSS7.4AI score0.00004EPSS

IBM Security Bulletins•added 2026/03/23 1:59 p.m.•3 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...

6.5CVSS7.4AI score0.00004EPSS

IBM Security Bulletins•added 2026/03/20 10:42 a.m.•5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146

Summary IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent fi...

6.5CVSS7.4AI score0.00004EPSS

IBM Security Bulletins•added 2026/02/27 12:41 p.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701.

Summary IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock...

6.5CVSS6AI score0.00006EPSS

Veracode•added 2026/02/25 9:40 a.m.•1 views

Time-of-Check-Time-of-Use (TOCTOU) Race Condition

filelock is vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. The vulnerability is due to improper file existence checking before opening lock files with truncation, which allows an attacker to exploit a symlink race and corrupt or truncate arbitrary files...

Exploits1References7Affected Software1

IBM Security Bulletins•added 2026/01/16 9:26 a.m.•6 views

Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance

Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68146 Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a...