Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 8:13 p.m.7 views

Security Bulletin: Flow Validation Bypass via Empty Component Type Field

Summary A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type value instead of blocking them, enabling...

9.8CVSS6.4AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 7:50 p.m.5 views

Security Bulletin: Insecure Deserialization in Redis Cache Backend

Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...

9.8CVSS6.2AI score0.00386EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.6 views

PT-2024-19985 · Unknown · Label Studio

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.10.1 Description: The remote import feature in Label Studio allowed users to import data from a remote web source, which could be abused to download a HTML file that executed malicious JavaScript code in the...

6.1CVSS6.1AI score0.00592EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2021/07/17 12:0 a.m.3 views

PT-2021-21178 · Hashicorp · Hashicorp Consul +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.9.0 through 1.10.0 Description: The issue arises when a default deny policy with a single L7 application-aware intention deny action is used, causing the intention to incorrectly fail open and...

7.5CVSS7.6AI score0.0174EPSS
Exploits0References20
Rows per page
Query Builder