8 matches found
EUVD-2026-31846
Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling request URLs can acces...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript
Summary serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss
Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...
CVE-2025-59789
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser
Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify
Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
PT-2024-21817 · Onnx · Onnx
Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.15.0 Description: The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occu...