CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

CVE-2026-44405

Paramiko up to 4.0.0 (before commit a4489456b6f65281e172380cc4826cee5e851dbb) permits SHA-1 in rsakey.py. Affected: Paramiko’s RSA key handling. Root cause: use of SHA-1 algorithm. Impact: low (Confidentiality: None, Integrity: Low). Remediation: apply the patch introduced in the a448945 commit (...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even whe...

GHSA-XW8C-RRVX-F7XQ ciguard: SCA HTTP client reads response body without size cap

Summary Both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...

ciguard: SCA HTTP client reads response body without size cap

Summary Both SCA HTTP clients src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py call payload = json.loadsresp.read.decode'utf-8' without a maximum-bytes cap. A hostile or compromised endoflife.date / OSV.dev or a successful TLS MITM could return a multi-GB response,...

GHSA-MGGX-P7JF-JGW4 jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

GHSA-MWGH-92M2-WVHV AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing

Summary The unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper class. ICS::escapestring objects/ICS.php:167-169 only escapes , and ; and...

AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing

Summary The unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloadICS, which builds an ICS calendar file via the ICS helper class. ICS::escapestring objects/ICS.php:167-169 only escapes , and ; and...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to versi...

GHSA-W2JH-77FQ-7GP8 OpAMP client reads unbounded HTTP response bodies

Summary When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server i...

OpAMP client reads unbounded HTTP response bodies

Summary When receiving responses from the OpAMP server over HTTP, the OpAMP client allocates an unbounded buffer to read all bytes from the server, with no upper-bound on the number of bytes consumed. This could cause memory exhaustion in the consuming application if the configured OpAMP server i...

Security Bulletin: IBM SPSS Statistics Java SE Vulnerability Updates

Summary Denial of service, unauthorized access and buffer size vulnerabilities have been addressed. Addresses Java CVEs: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE ...

GHSA-WP38-WHX3-XFFH AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass

Summary An authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metadata hosts e.g. http://127.0.0.1:8080/..., http://169.254.169.254/latest/..., RFC1918 addresses. When any other user including a second account owned by the same attacker...

Security Bulletin: IBM SPSS Statistics Java SE Vulnerability Updates

Summary Denial of service, unauthorized access and buffer size vulnerabilities have been addressed. Addresses Java CVEs: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE ...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF007 and 25.0.1-IF001. These vulnerabilities have been also adressed in 24.0.1-IF007 and 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...