Lucene search
+L

111 matches found

NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2025-36324

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

4.3CVSS0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.6 views

CVE-2025-12530

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53973

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence version 5.2.2 IBM watsonx.data intelligence version 5.3.0 IBM watsonx.data intelligence versions 5.3.1 through patch-1 Description The software transmits data in clear text, which could allow an attacker to obtain...

5.9CVSS5.9AI score0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53975

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An issue exists where an authenticated user can embed arbitrary JavaScript code into the Web UI. This stored cross-site scripting XSS allows for the alteration of intended...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:16 a.m.9 views

UBUNTU-CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 5:16 a.m.10 views

UBUNTU-CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:51 a.m.37 views

CVE-2026-41847

CVE-2026-41847 : Spring Framework WebFlux Kotlin Router DSL may be vulnerable to a security bypass. Affected versions: Spring Framework 5.3.0 through 5.3.48. The CVE records a bypass in WebFlux when using the Kotlin Router DSL, with a CVSS v3.1 base score of 4.8 (Medium). Impact indicators in the...

5.3CVSS5.4AI score0.00166EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47660

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47658

Name of the Vulnerable Software and Affected Versions Spring Framework versions 5.3.0 through 5.3.48 Description Spring WebFlux applications may be subject to a security bypass when utilizing the Kotlin Router DSL. Recommendations At the moment, there is no information about a newer version that...

5.3CVSS5.2AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 9:5 p.m.3 views

GHSA-H4FW-6R7F-W494 Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

2.1CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 9:5 p.m.15 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/26 11:32 p.m.6 views

CVE-2026-3270 psi-probe PSI Probe Whois Whois.java lookup server-side request forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References6
CVE
CVE
added 2026/02/26 11:32 p.m.21 views

CVE-2026-3269

PSI Probe

6.5CVSS5.1AI score0.00561EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20226

Name of the Vulnerable Software and Affected Versions IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 Description IBM DataStage on Cloud Pak for Data returns sensitive information in an HTTP response. This information could potentially be used to impersonate other users within th...

8.1CVSS5.4AI score0.0029EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.10 views

IBM DataStage on Cloud Pak for Data 安全漏洞

IBM DataStage on Cloud Pak for Data is an enterprise-level data integration solution provided by International Business Machines IBM. Versions 5.1.2 to 5.3.0 of IBM DataStage on Cloud Pak for Data contain security vulnerabilities. These vulnerabilities stem from the return of sensitive informatio...

8.1CVSS5.8AI score0.0029EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/04 10:35 p.m.14 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-12060 DESCRIPTION: The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The...

8.9CVSS7.4AI score0.00593EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/02 3:16 p.m.6 views

CVE-2025-52864

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS...

8.1CVSS0.00299EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 7:37 a.m.7 views

Security Bulletin: Vulnerability in SSH servers which implement file transfer protocols affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in SSH servers which implement file transfer protocols has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to...

7.5CVSS6.2AI score0.00868EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/12/12 5:16 a.m.6 views

CVE-2025-61950

In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...

5.3CVSS5.8AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 5:16 a.m.6 views

CVE-2025-53523

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
Rows per page
Query Builder