Lucene search
K

214 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 1:20 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.317 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option ...

9.8CVSS7.5AI score0.02874EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:39 p.m.8 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF007 and 25.0.1-IF001. These vulnerabilities have been also adressed in 24.0.1-IF007 and 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...

8.8CVSS7.3AI score0.03992EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:31 p.m.6 views

Security Bulletin: qs Array Limit Bypass via Comma Parsing Enables Denial of Service

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

7.5CVSS6.8AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 12:2 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391.

Summary IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 6:41 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...

8.7CVSS6.3AI score0.0061EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:41 p.m.9 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat. Vulnerabilities include the flaw in Eclipse Jetty could be used to bypass the authorization imposed by the intermediary as the...

9.8CVSS7AI score0.20985EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:21 p.m.7 views

Security Bulletin: Vulnerabilities in lodash, qs might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in lodash, qs, and react-router. Vulnerabilities include allowing an attacker to cause improper modification of object attributes, open redirect, and denial of service. More details are described by the...

8.2CVSS6.4AI score0.01535EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 3:44 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerabilty related to use of the qs library

Summary Due to the use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential denial-of-service vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when...

7.5CVSS6.4AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:58 p.m.6 views

Security Bulletin: Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205.

Summary Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit opti...

7.5CVSS6.4AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 2:32 p.m.3 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to qs (CVE-2025-15284)

Summary The qs package is used in the Gateway Director and UI components. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits f...

6.3CVSS5.8AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:0 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)

Summary A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option...

6.3CVSS5.8AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 7:47 p.m.4 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input...

6.3CVSS6.3AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 11:4 a.m.4 views

Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284

Summary A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper...

6.3CVSS5.8AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/12 12:3 p.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...

7.5CVSS7.3AI score0.00414EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 9:57 p.m.4 views

Security Bulletin: A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL 8.3 on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The...

6.3CVSS6AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 7:0 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit option in qs does not enforce...

6.3CVSS5.5AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 4:10 p.m.7 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser (CVE-2025-13466) and qs (CVE-2025-15284, CVE-2026-2391)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser CVE-2025-13466 and qs CVE-2025-15284, CVE-2026-2391. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability...

7.5CVSS5.7AI score0.00478EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 7:10 p.m.8 views

Security Bulletin: Vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-15284)

Summary There are 2 vulnerabilities in qs-6.11.0.tgz, qs-6.13.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-15284. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...

6.3CVSS5.6AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 12:4 p.m.12 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

7.5CVSS6.5AI score0.03092EPSS
Exploits3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/12 5:4 p.m.14 views

qs's arrayLimit bypass in comma parsing allows denial of service

Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...

7.5CVSS5.5AI score0.00478EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder