Lucene search
K

64 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/03 7:53 p.m.4 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/27 12:31 a.m.7 views

GHSA-429M-9874-RX9W PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.3CVSS5.4AI score0.00362EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/26 11:32 p.m.3 views

CVE-2026-3270 psi-probe PSI Probe Whois Whois.java lookup server-side request forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.5CVSS6.1AI score0.00362EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 8:37 a.m.11 views

Security Bulletin: Due to the use of go-redis, IBM watsonx.ai on Cloud Pak for Data is vulnerable to out of order response during time-outs

Summary IBM watsonx.ai on Cloud Pak for Data internally uses go-redis CVE-2025-29923 Vulnerability Details CVEID:CVE-2025-29923 DESCRIPTION: go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order...

3.7CVSS7AI score0.00694EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:28 a.m.5 views

Security Bulletin: Vulnerability in markdown-it affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in markdown-it has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

6.9CVSS5.1AI score0.00229EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:27 a.m.7 views

Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

5.4CVSS6.2AI score0.00271EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:27 a.m.5 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

5.3CVSS4.6AI score0.00331EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:26 a.m.10 views

Security Bulletin: Vulnerability in form-data affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in form-data has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.4CVSS5.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:26 a.m.7 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

3.4CVSS6.3AI score0.00174EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/15 1:30 p.m.10 views

WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fashion versions 5.3.0...

9.8CVSS7AI score0.00385EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.7 views

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3CVSS6.8AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.6 views

CVE-2025-54407

Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS5.9AI score0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/12 5:2 a.m.32 views

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

5.4CVSS0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 5:2 a.m.5 views

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

5.1CVSS4.9AI score0.00109EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 5:1 a.m.10 views

CVE-2025-57883

CVE-2025-57883 is a reflected cross-site scripting vulnerability affecting Japan Total System GroupSession components: Free edition prior to ver5.3.0, byCloud prior to ver5.3.3, and ZION prior to ver5.3.2. The issue allows an arbitrary script to run in the user’s browser when a crafted page or UR...

6.1CVSS5.7AI score0.0016EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/12 5:1 a.m.4 views

CVE-2025-57883

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS5.7AI score0.0016EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

Japan Total System多款产品 跨站请求伪造漏洞

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site request forgery vulnerability exists in various Japan Total System products, which stems from a cross-site request forgery issue that could lead to the...

5.1CVSS4.9AI score0.00109EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/27 9:25 p.m.3 views

CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...

6.8CVSS5.8AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 9:25 p.m.10 views

CVE-2025-62793 eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...

6.8CVSS0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.10 views

PT-2025-44056

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.3.0 Description eLabFTW, an electronic lab notebook, allowed the serving of uploaded SVG files inline. Due to SVG’s support for active content, a malicious SVG file could be uploaded and executed when viewed, leadin...

6.8CVSS5.5AI score0.0024EPSS
Exploits0References5
Rows per page
Query Builder