1592 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON [CVE-2026-32874, CVE-2026-32875]
Summary IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON due to multiple issues CVE-2026-32874, CVE-2026-32875. UltraJSON is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures CVE-2026-30922. Pyasn1 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the detail...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]
Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]
Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]
Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity CVE-2026-4539. Pygments is used in our speech...
Permissive Cross-domain Policy with Untrusted Domains
Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains through the generateTextToSpeech handler in the text-to-speech endpoint. An attacker can make a victim’s browser send authenticated requests from any...
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
NPM: Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
GHSA-M837-XVXR-VQWG Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
Summary The TTS generation endpoint sets Access-Control-Allow-Origin: as a hardcoded response header, independent of the server's CORS configuration. This enables any webpage to make cross-origin requests to generate speech using stored credentials. Root Cause typescript //...
Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse from any webpage
Summary The TTS generation endpoint sets Access-Control-Allow-Origin: as a hardcoded response header, independent of the server's CORS configuration. This enables any webpage to make cross-origin requests to generate speech using stored credentials. Root Cause typescript //...
Astra Linux – Vulnerability in Thunderbird
The parent process does not properly check whether the Speech Synthesis feature is enabled when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9...
Astra Linux – Vulnerability in Chromium
Potential users of the Speech Recognizer feature in Google Chrome on Android before version 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Speech Recognition in Google Chrome prior to version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-8963
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
PT-2026-54028
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description The text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts sets the Access-Control-Allow-Origin header to a hardcoded wildcard , ignoring the server's configur...
CVE-2026-8963
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
CVE-2026-8963
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...
UBUNTU-CVE-2026-8963
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...