CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVE-2025-36180

CVE-2025-36180 concerns IBM watsonx.data (Lakehouse) versions 2.2–2.3. The issue is an improper restriction of inter-pod communication, potentially allowing an attacker to transfer data between pods without restrictions. The vulnerability’s impact is described as data integrity risk within pod co...

EUVD-2025-209603

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVE-2025-36180

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVE-2025-36180 Inadequate Pod Communication Restrictions, affects watsonx.data

IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions...

CVE-2026-4873

A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection via IMAP, SMTP, or POP3 and then making a subsequent request to the same host that requires Transport Layer Security TLS. Due to incorrect connection reuse, the subsequent request would bypass t...

CVE-2026-41016

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

EUVD-2026-26359

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

CVE-2026-6868

CVE-2026-6868 affects Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, where the HTTP protocol dissector crashes when processing crafted HTTP data, leading to a denial of service. The Red Hat note frames this as a local user opening a specially crafted capture file that crashes Wireshark; SUSE and other s...

SUSE CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 gwpoa.exe in the Post Office Agent, 2 gwmta.exe in the Message Transfer Agent, 3 gwia.exe in the Internet Agent, 4 the WebAccess Agent, or 5 th...

SUSE CVE-2026-7020

A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manipulation of the argument digest results in path traversal. The attack may be performed from remote...

SUSE CVE-2026-40560

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

Progress Software MOVEit 安全漏洞

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.0, 2024.1.8, and 2024.0.0 contained security vulnerabilities, which were caused by a major vulnerability that...

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. Versions 2.2 to 2.3 of IBM Watsonx.data contain security vulnerabilities. These vulnerabilities stem from insufficient restrictions on communication between Pods, allowing attackers to transfer data between Pods without any...

PT-2026-36192

Name of the Vulnerable Software and Affected Versions IBM watsonx.data versions 2.2 through 2.3 Description IBM Lakehouse does not properly restrict communication between pods, which could allow an attacker to transfer data between pods without restrictions. Recommendations At the moment, there i...

PT-2026-36040

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the HTTP protocol dissector allows for a denial of service. This occurs when the software processes malformed traffic, which can lead to the...

Wireshark 安全漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...

GHSA-MPFM-FPGX-647Q CKAN has no certificate validation on STMP connection

Impact Configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...

CVE-2026-40560

A flaw was found in Starman. Starman versions before 0.4018 for Perl incorrectly prioritize the "Content-Length" header over "Transfer-Encoding: chunked" when both are present in an HTTP request, violating RFC 7230 3.3.3. A remote attacker could exploit this improper header precedence to perform...

CURL-CVE-2026-4873 connection reuse ignores TLS requirement

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...