Lucene search
K

8 matches found

EUVD
EUVD
added 2026/05/26 2:38 p.m.22 views

EUVD-2026-31846

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

5.8AI score0.0049EPSS
Exploits3References1
Snyk
Snyk
added 2026/04/09 4:14 p.m.3 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NOPROXY environment variable. An attacker controlling request URLs can acces...

9.9CVSS5.7AI score0.01186EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:44 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript

Summary serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...

5.4CVSS5.9AI score0.01006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:29 a.m.13 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss

Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...

5.3CVSS6.5AI score0.00822EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/12/01 11:15 a.m.6 views

CVE-2025-59789

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

7.5CVSS0.01479EPSS
Exploits2References2
OSV
OSV
added 2025/12/01 10:22 a.m.5 views

CVE-2025-59789 Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser

Uncontrolled recursion in the json2pb component in Apache bRPC version 1.15.0 on all platforms allows remote attackers to make the server crash via sending deep recursive json data. Root Cause: The bRPC json2pb component uses rapidjson to parse json data from the network. The rapidjson parser use...

7.5CVSS7.3AI score0.01479EPSS
Exploits2References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:57 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS6.2AI score0.00559EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.6 views

PT-2024-21817 · Onnx · Onnx

Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.15.0 Description: The issue allows Directory Traversal as the external data field of the tensor proto can have a path to a file outside the model's current directory or user-provided directory. This vulnerability occu...

7.5CVSS4.5AI score0.01189EPSS
Exploits0References17
Rows per page
Query Builder