Lucene search
K

30 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in Immutable.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Immutable.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS6.7AI score0.00978EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:11 p.m.3 views

Security Bulletin: Vulnerability in fast-xml-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in fast-xml-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.5CVSS7.1AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:35 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

8.8CVSS5.3AI score0.002EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/29 10:9 p.m.10 views

Sequence of Processor Instructions Leads to Unexpected Behavior

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:58 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to versi...

6.3CVSS5.7AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:25 p.m.5 views

Security Bulletin: A denial-of-service (DoS) vulnerability in google.protobuf.json_format.ParseDict() in Python, affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential denial-of-service DoS vulnerability in google.protobuf.jsonformat.ParseDict in Python, has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been...

8.2CVSS6AI score0.00613EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 10:25 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz Vulnerability Details CVEID:CVE-2026-26960 DESCRIPTION: node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink insid...

7.1CVSS6.1AI score0.00288EPSS
Exploits1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.5 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/16 8:41 p.m.9 views

EUVD-2026-23000

Weblate: JavaScript localization CDN add-on allows arbitrary local file read outside the repository...

6.8CVSS5.9AI score0.00323EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 10:30 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...

8.8CVSS6AI score0.00607EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 3:46 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the...

5.3CVSS5.8AI score0.00115EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/31 2:30 a.m.3 views

SQL Injection

Overview baserproject/basercms is a Content management system based on CakePHP. Affected versions of this package are vulnerable to SQL Injection via the blog post process. An attacker can execute arbitrary SQL commands by supplying crafted input to the affected component. Remediation Upgrade...

9.8CVSS7.4AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/18 8:55 p.m.2 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

6CVSS5.8AI score0.00275EPSS
Exploits0References4
OSV
OSV
added 2026/02/10 12:25 a.m.5 views

GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/05 8:23 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature...

7.5CVSS5.4AI score0.00193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:11 p.m.12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to DoS due to unbounded memory allocation in golang.org/x/crypto SSH implementation (CVE-2025-22869)

Summary Potential vulnerabilities in golang.org/x/crypto module CVE-2025-22869 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from...

7.5CVSS7.3AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:27 a.m.5 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

5.3CVSS4.6AI score0.00309EPSS
Exploits1Affected Software2
RedhatCVE
RedhatCVE
added 2025/09/11 3:26 p.m.4 views

CVE-2025-10183

A blind XML External Entity XXE injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...

9.1CVSS7.6AI score0.004EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/02 11:21 p.m.3 views

SUSE CVE-2025-53103

JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...

5.8CVSS6.8AI score0.00099EPSS
Exploits0References3
OSV
OSV
added 2025/04/07 2:15 p.m.2 views

DEBIAN-CVE-2025-30195

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodym...

7.5CVSS7.4AI score0.0068EPSS
Exploits0References1
Rows per page
Query Builder