40 matches found
Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
EUVD-2022-0206
Malicious code in bioql PyPI...
EUVD-2025-21894
Malicious code in bioql PyPI...
EUVD-2023-0615
Malicious code in bioql PyPI...
EUVD-2025-7206
Malicious code in bioql PyPI...
EUVD-2024-54844
Malicious code in bioql PyPI...
Atlassian Jira Service Management Data Center and Server < 5.12.25 / 10.3.x < 10.3.8 / 10.7.x < 10.7.2 (JSDSERVER-16309)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16309 advisory. - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue...
CVE-2025-53640
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...
CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...
PT-2025-25168 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions prior to 4.19.3.0 Apache CloudStack versions prior to 4.20.1.0 Description: A flaw in access control affects the "listTemplates" and "listIsos" APIs. A malicious Domain Admin or Resource Admin can exploit this issue...
PT-2025-24565 · Pion · Pion Interceptor
Name of the Vulnerable Software and Affected Versions: Pion Interceptor versions v0.1.36 through v0.1.38 Description: Pion Interceptor is a framework for building RTP/RTCP communication software. The issue is caused by a bug in the RTP packet factory, which can be exploited by crafted RTP packets...
CVE-2025-49128 Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended memory content t...
CVE-2025-48957
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in...
PT-2025-23223 · Unknown · Chrome Php
Name of the Vulnerable Software and Affected Versions: Chrome PHP versions prior to 1.14.0 Description: The issue arises from CSS Selector expressions not being properly encoded, leading to potential cross-site scripting XSS vulnerabilities. There is no information provided about the estimated...
CVE-2024-52511
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0...
CVE-2024-51734
Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...
CVE-2024-30188
File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...
CVE-2023-36543
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...
CVE-2023-3231
A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack ...
CVE-2023-33977
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...