Lucene search
K

33 matches found

Snyk
Snyk
added 2026/04/08 8:2 p.m.7 views

CRLF Injection

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...

9.8CVSS6.3AI score0.02185EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/21 7:2 p.m.9 views

Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...

8.8CVSS7.9AI score0.01479EPSS
Exploits4Affected Software1
NVD
NVD
added 2025/10/07 8:15 p.m.6 views

CVE-2025-11462

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...

9.3CVSS0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.3 views

PT-2025-41169

Name of the Vulnerable Software and Affected Versions AWS VPN Client for macOS versions 1.3.2 through 5.2.0 Description A flaw exists in the AWS VPN Client for macOS that allows a local user to execute code with elevated privileges. Insufficient validation of the log destination directory during...

9.3CVSS7.2AI score0.00212EPSS
Exploits0References18
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 8:19 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affect...

7.5CVSS6.4AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 6:27 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.10.3.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of jackson-core-2.10.3.jar Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in versio...

4CVSS6AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 7:14 p.m.4 views

Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability

Summary Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI CVE-2025-33116 Vulnerability Details CVEID:CVE-2025-33116 DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...

5.4CVSS5.5AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 11:5 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in llama_index-0.12.29-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of llamaindex-0.12.29-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1793 DESCRIPTION: Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabiliti...

9.8CVSS8AI score0.00581EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 11:52 a.m.9 views

Security Bulletin: Vulnerability in FreeType affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in FreeType has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.1CVSS7.7AI score0.26049EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.10 views

Security Bulletin: Vulnerability in Vega affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Vega has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

5.3CVSS6.6AI score0.00477EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:35 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of protobuf-5.29.3-cp310-abi3-win32.whl Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

8.2CVSS6.7AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:27 a.m.26 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

8.7CVSS6.7AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:17 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/crypto-v0.33.0

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/crypto-v0.33.0 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key...

7.5CVSS6.5AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:29 p.m.7 views

Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)

Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...

7.8CVSS7.1AI score0.00329EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/11 2:16 p.m.11 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method...

7.5CVSS7.3AI score0.00763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/11 6:20 a.m.6 views

Security Bulletin: Vulnerability in pillow affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary IBM watsonx Orchestrate with watsonx Assistant Cartridge contains a vulnerable version of pillow Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently lar...

7.1CVSS6.8AI score0.00259EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 8:38 p.m.3 views

Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...

8.8CVSS7.9AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 8:35 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method...

9.8CVSS8.6AI score0.00763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 8:25 p.m.7 views

Security Bulletin: Vulnerabilities in quarkus-resteasy affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in quarkus-resteasy has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: ...

7.5CVSS8.3AI score0.00759EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:48 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the linux-pam package (CVE-2025-6020)

Summary Linux-pam is used by DataStage on Cloud Pak for Data as part of the authentication functionality. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local...

7.8CVSS6.3AI score0.0039EPSS
Exploits0Affected Software1
Rows per page
Query Builder