IBM Security Bulletins
added 2026/04/28 10:25 p.m., 10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz. Vulnerability Details: CVEID: CVE-2026-26960. DESCRIPTION: node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink insid...

CVSS 7.1 | AI score 6.1 | EPSS 0.00288
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 9:28 p.m., 5 views

Security Bulletin: Langflow OSS affected by vulnerabilities in xmldom versions prior to 0.9.9

Summary: Langflow OSS affected by vulnerabilities in xmldom versions prior to 0.9.9. Vulnerability Details: CVEID: CVE-2026-34601. DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...

CVSS 7.5 | AI score 5.2 | EPSS 0.00424
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 9:25 p.m., 10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0

Summary: IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0. Vulnerability Details: CVEID: CVE-2026-33186. DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

CVSS 9.1 | AI score 7.6 | EPSS 0.00522
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 9:04 p.m., 2 views

Security Bulletin: Server-Side Request Forgery (SSRF) in Langflow URL Component

Summary: IBM Langflow Desktop contains a Server-Side Request Forgery (SSRF) vulnerability in the URL data source component, where user-supplied URLs are insufficiently validated before being used in backend HTTP requests, allowing authenticated attackers to force the Langflow server to make arbitrary...

CVSS 6.5 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 9:03 p.m., 4 views

Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

Summary: A stored cross-site scripting (XSS) vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline, due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...

CVSS 6.4 | AI score 5.5 | EPSS 0.00157
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 9:02 p.m., 4 views

Security Bulletin: Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

Summary: IBM Langflow Desktop contains a vulnerability in its API v2 file upload functionality, where the POST /api/v2/files endpoint fails to validate and sanitize user-supplied filenames before passing them to the LocalStorageService, resulting in a path traversal condition that allows...

CVSS 6.5 | AI score 6.8 | EPSS 0.00374
Exploits: 0 | Affected software: 1
Snyk
added 2026/04/28 9:00 p.m., 5 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution in crypto/algifaead.c. The authencesn cryptographic template has a 4-byte overwrite past the end of its buffer, which can be controlled to write into the page cache of any readable file. This allows a...

CVSS 8.5 | AI score 7.5 | EPSS 0.96775
Exploits: 228 | References: 2
IBM Security Bulletins
added 2026/04/28 8:56 p.m., 5 views

Security Bulletin: Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

Summary: IBM Langflow Desktop contains a vulnerability in its code validation functionality, where the /api/v1/validate/code endpoint uses Python's exec to process user-supplied input and fails to account for decorator execution during function definition parsing, allowing authenticated attackers t...

CVSS 8.8 | AI score 6.3 | EPSS 0.0047
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 8:07 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz. Vulnerability Details: CVEID: CVE-2026-26996. DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regul...

CVSS 8.7 | AI score 7.2 | EPSS 0.00519
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 8:03 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz. Vulnerability Details: CVEID: CVE-2026-24842. DESCRIPTION: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution...

CVSS 8.2 | AI score 6.6 | EPSS 0.00519
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 7:28 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz. Vulnerability Details: CVEID: CVE-2026-2359. DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...

CVSS 8.7 | AI score 5.3 | EPSS 0.00555
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 7:25 p.m., 2 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz

Summary: IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz. Vulnerability Details: CVEID: CVE-2026-3449. DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. T...

CVSS 4.8 | AI score 5.1 | EPSS 0.00112
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 7:21 p.m., 2 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2026-28351. DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which...

CVSS 6.9 | AI score 5.2 | EPSS 0.00423
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 7:11 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar

Summary: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar. Vulnerability Details: CVEID: CVE-2026-24281. DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or...

CVSS 7.5 | AI score 7.2 | EPSS 0.0111
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 6:50 p.m., 2 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of DOMPurify

Summary: Due to use of DOMPurify, DevOps Test Performance and Rational Performance Tester contain a potential Cross-Site Scripting (XSS) vulnerability. Vulnerability Details: CVEID: CVE-2026-41238. DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions...

CVSS 6.9 | AI score 5 | EPSS 0.00263
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 2:50 p.m., 4 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary: Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-2950. DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-1346...

CVSS 9.9 | AI score 6.6 | EPSS 0.01075
Exploits: 6 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 2:14 p.m., 5 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary: IBM Sterling Control Center is affected by a vulnerability (CVE-2025-11143) reported for jetty-http-12.0.25.jar. Vulnerability Details: CVEID: CVE-2025-11143. DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

CVSS 6.5 | AI score 7.7 | EPSS 0.00159
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 1:50 p.m., 5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are affected by a vulnerability in minimatch

Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are affected by a vulnerability in minimatch (CVE-2026-26996). The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-26996. DESCRIPTION: minimatch is a minimal matching utility for converting gl...

CVSS 8.7 | AI score 7.3 | EPSS 0.00519
Exploits: 1 | Affected software: 2
IBM Security Bulletins
added 2026/04/28 1:06 p.m., 11 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary: There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details: CVEID: CVE-2026-33151. DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

CVSS 9.8 | AI score 7.4 | EPSS 0.00611
Exploits: 2 | Affected software: 1
IBM Security Bulletins
added 2026/04/28 1:03 p.m., 2 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary: There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details: CVEID: CVE-2026-33671. DESCRIPTION: Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, an...

CVSS 9.8 | AI score 8.9 | EPSS 0.00611
Exploits: 1 | Affected software: 1