
6 matches found

IBM Security Bulletins
added 2026/01/30 4:58 p.m. · 8 views

Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].

Summary: Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale, previously known as IBM Spectrum Scale, affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1.
Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION:...

CVSS 8.8 · AI score 7.3 · EPSS 0.01278
Exploits: 1 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2025-5954

Malicious code in bioql PyPI...

AI score 6.6
Exploits: 0 · References: 4

OSV
added 2025/03/21 10:15 p.m. · 2 views

AZL-77514 CVE-2025-30204 affecting package keda for versions less than 2.4.0-32

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...

CVSS 7.5 · AI score 6.7 · EPSS 0.00083
Exploits: 0 · References: 1

OSV
added 2024/11/04 10:15 p.m. · 2 views

AZL-52216 CVE-2024-51744 affecting package etcd for versions less than 3.5.18-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 · AI score 6.5 · EPSS 0.0006
Exploits: 0 · References: 1

OSV
added 2024/11/04 10:15 p.m. · 1 views

AZL-52183 CVE-2024-51744 affecting package cert-manager for versions less than 1.12.15-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 · AI score 6.5 · EPSS 0.0006
Exploits: 0 · References: 1

Positive Technologies
added 2021/10/22 12:0 a.m. · 1 views

PT-2021-23690 · Gjson +1

Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3
Description: The issue allows a ReDoS (regular expression denial of service) attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. A maliciously crafted path can caus...

CVSS 7.5 · AI score 7.2 · EPSS 0.00161
Exploits: 1 · References: 21