43 matches found
Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...
Security Bulletin: Vulnerability in github.com/jackc/pgx/v5 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage include github.com/jackc/pgx/v5. It is vulnerable to memory-safety vulnerability. CVE-2026-33816 Vulnerability Details CVEID:CVE-2026-33816 DESCRIPTION: Memory-safety vulnerability in github.com/jackc/pgx/v5. CVSS Source: CISA A...
Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...
Security Bulletin: Multiple Vulnerabilities in cryptography bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the cryptography library, which is vulnerable to a critical buffer overflow and an improper certificate validation flaw. A classic buffer overflow vulnerability exists when non-contiguous...
Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...
Security Bulletin: Vulnerability in gRPC-Go bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the gRPC-Go library, which is vulnerable to an authorization bypass. This issue is caused by improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server incorrectly accepted requests where the...
Security Bulletin: Vulnerability in qs bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging include the qs library, which is vulnerable to a Denial of Service DoS due to improper input validation. The arrayLimit option in the library failed to enforce limits specifically for bracket notation a=1, allowing the creation of...
Security Bulletin: Multiple Vulnerabilities in pyOpenSSL bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging include the pyOpenSSL library, which is susceptible to a critical buffer overflow and a "fail-open" security bypass. A classic buffer overflow vulnerability exists when a user-provided cookie generation callback returns a value...
Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...
Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes google.protobuf, which could cause denial-of-service DoS vulnerability. CVE-2026-0994. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict ...
Security Bulletin: Vulnerabilities in Hugging Face Transformers bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes the Hugging Face Transformers library, which could allow a remote attacker to execute arbitrary code on affected installations. These vulnerabilities exist due to the lack of proper validation of user-supplied data during the...
Security Bulletin: Vulnerability in DiskCache with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage includes DiskCache python-diskcache. Following vulnerability can achieve arbitrary code execution. CVE-2025-69872. Vulnerability Details CVEID:CVE-2025-69872 DESCRIPTION: DiskCache python-diskcache through 5.6.3 uses Python...
Security Bulletin: Vulnerability in golang.org/x/crypto bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage include golang.org/x/crypto which could cause early termination of client process. CVE-2025-47913. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response...
Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion
Summary Multiple vulnerabilities affecting IBM Fusion and IBM Fusion HCI could have resulted in reduced security. These issues have since been resolved. CVE-2025-7969, CVE-2025-66221, CVE-2025-65945, CVE-2025-6493, CVE-2025-64756, CVE-2025-64118, CVE-2025-62727, CVE-2025-59952, CVE-2025-5889,...
EUVD-2024-19876
Malicious code in bioql PyPI...
EUVD-2025-28994
Malicious code in bioql PyPI...
CVE-2025-36222
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions...
CVE-2025-36222
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions...
CVE-2025-36222
IBM Fusion 2.2.0 through 2.10.1, IBM Fusion HCI 2.2.0 through 2.10.0, and IBM Fusion HCI for watsonx 2.8.2 through 2.10.0 uses insecure default configurations that could expose AMQStreams without client authentication that could allow an attacker to perform unauthorized actions...