Lucene search
K

632 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/11 5:12 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...

8.7CVSS5.2AI score0.00689EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.5 views

CVE-2025-41759

An administrator may attempt to block all networks by specifying "\" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.4 views

EUVD-2025-208365

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/09 8:16 a.m.3 views

CVE-2025-41759 Use of wildcard (“*” or “all”) in Block list

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 8:16 a.m.31 views

CVE-2025-41759 Use of wildcard (“*” or “all”) in Block list

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

4.9CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 8:16 a.m.13 views

CVE-2025-41759

CVE-2025-41759 describes a logic issue in the block-list handling where using a wildcard, i.e., "*" or "all", to block networks is silently treated as network 0, resulting in no networks being blocked. The description does not specify affected products, versions, or root cause beyond this interpr...

4.9CVSS5.8AI score0.0032EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 1:39 p.m.5 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.8CVSS5.9AI score0.00213EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/05 12:15 p.m.4 views

Interpretation Conflict

Overview org.eclipse.jetty:jetty-server is a lightweight highly scalable java based web server and servlet engine. Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of invalid or unusual URIs in the parse function on HttpURI.java‎. An attacke...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 2026/03/04 9:15 a.m.4 views

CVE-2026-27444

SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it...

7.8CVSS0.00213EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/03 10:23 p.m.3 views

Interpretation Conflict

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Interpretation Conflict through a mismatch in policy and runtime interpretation of wrapper commands using GNU env -S semantics. An attacker can execute unintended commands by injecting...

5.7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/02 9:49 p.m.6 views

Interpretation Conflict

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Interpretation Conflict via the platform or deviceFamily metadata fields. An attacker can expand node command availability beyond intended defaults by supplying Unicode-confusable values...

6.9CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/02/26 10:20 p.m.4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

8.7CVSS6AI score0.00255EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/26 10:20 p.m.3 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

8.7CVSS6AI score0.00255EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/26 10:20 p.m.4 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the JSON-RPC and MCP protocol message parsing. An attacker can bypass intermediary inspection or cause cross-implementation inconsistencies by sending protocol messages with non-standard field casing or Unicod...

8.7CVSS6AI score0.00255EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 3:4 a.m.10 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

9.8CVSS6.7AI score0.03092EPSS
Exploits4Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

opa-envoy-plugin 安全漏洞

opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsedpath field was constructed, which could lead to mismatches in path...

7.1CVSS5.8AI score0.0038EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.13 views

openSUSE 16 Security Update : golang-github-prometheus-prometheus (openSUSE-SU-2026:20177-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20177-1 advisory. Update to version 3.5.0: Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of...

8.6CVSS6.7AI score0.01535EPSS
Exploits1References6
Snyk
Snyk
added 2026/02/02 10:23 p.m.4 views

Interpretation Conflict

Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict via the Content-Type header processing. An attacker can bypass body validation by appending a tab character \t and arbitrary content to the Content-Type header,...

8.7CVSS5.7AI score0.0077EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.3 views

FreeBSD : zeek -- potential DoS vulnerability (8173e68a-88f3-4862-882c-6e58779d98e7)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8173e68a-88f3-4862-882c-6e58779d98e7 advisory. Tim Wojtulewicz of Corelight reports: Zeek's HTTP analyzer can be tricked into interpreting...

5.9AI score
Exploits0References2
F5 Networks
F5 Networks
added 2026/01/22 9:27 p.m.10 views

K000159607: Node-forge vulnerability CVE-2025-12816

Security Advisory Description An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic...

8.6CVSS6.4AI score0.00689EPSS
Exploits1
Rows per page
Query Builder