Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/07 9:5 p.m.6 views

Incorrect Authorization

Overview web-auth/webauthn-framework is a FIDO-U2F / FIDO2 / Webauthn Framework. Affected versions of this package are vulnerable to Incorrect Authorization via the ClientOverridePolicy process. An attacker can bypass user verification requirements by supplying a crafted userVerification paramete...

2.4CVSS5.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:27 p.m.8 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.2CVSS6.5AI score0.00334EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:26 p.m.6 views

Security Bulletin: Vulnerability in Elasticsearch PKI realm affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Elasticsearch PKI realm has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

7.4CVSS5.7AI score0.00162EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv [CVE-2026-22702]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv, caused by flaws which allow local attackers to perform symlink-based attacks on directory creation operations. CVE-2026-22702. virtualenv is used in our java microservices. This...

4.5CVSS5.9AI score0.00085EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/02/16 5:15 p.m.10 views

DEBIAN-CVE-2021-21315

The System Information Library for Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. ...

7.8CVSS5.8AI score0.9024EPSS
Exploits4References1
Rows per page
Query Builder