Lucene search
K

40 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:48 p.m.4 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.3CVSS5.9AI score0.00445EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-0206

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0266EPSS
Exploits0References29
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21894

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.08088EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0615

Malicious code in bioql PyPI...

9.8CVSS5.9AI score0.01231EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-7206

Malicious code in bioql PyPI...

5.6CVSS6.3AI score0.00512EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54844

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/29 12:0 a.m.6 views

Atlassian Jira Service Management Data Center and Server < 5.12.25 / 10.3.x < 10.3.8 / 10.7.x < 10.7.2 (JSDSERVER-16309)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16309 advisory. - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue...

7.5CVSS7.2AI score0.54877EPSS
Exploits1References2
NVD
NVD
added 2025/07/14 9:15 p.m.9 views

CVE-2025-53640

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...

6.5CVSS0.00565EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/06/10 11:8 p.m.9 views

CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

7.1AI score0.00596EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.4 views

PT-2025-25168 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions prior to 4.19.3.0 Apache CloudStack versions prior to 4.20.1.0 Description: A flaw in access control affects the "listTemplates" and "listIsos" APIs. A malicious Domain Admin or Resource Admin can exploit this issue...

6.5CVSS6.3AI score0.00568EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.5 views

PT-2025-24565 · Pion · Pion Interceptor

Name of the Vulnerable Software and Affected Versions: Pion Interceptor versions v0.1.36 through v0.1.38 Description: Pion Interceptor is a framework for building RTP/RTCP communication software. The issue is caused by a bug in the RTP packet factory, which can be exploited by crafted RTP packets...

7.5CVSS6AI score0.00415EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2025/06/06 9:18 p.m.6 views

CVE-2025-49128 Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation

Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended memory content t...

4CVSS4.6AI score0.00314EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/04 11:20 a.m.15 views

CVE-2025-48957

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in...

7.5CVSS6.7AI score0.00618EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.3 views

PT-2025-23223 · Unknown · Chrome Php

Name of the Vulnerable Software and Affected Versions: Chrome PHP versions prior to 1.14.0 Description: The issue arises from CSS Selector expressions not being properly encoded, leading to potential cross-site scripting XSS vulnerabilities. There is no information provided about the estimated...

5.3CVSS5.5AI score0.00382EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.8 views

CVE-2024-52511

Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0...

6.5CVSS6.7AI score0.00448EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.10 views

CVE-2024-51734

Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...

8.7CVSS6.7AI score0.00413EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.16 views

CVE-2024-30188

File read and write vulnerability in Apache DolphinScheduler , authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue...

8.8CVSS6.6AI score0.05987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:3 a.m.8 views

CVE-2023-36543

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected...

6.5CVSS6.5AI score0.01157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.11 views

CVE-2023-3231

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. This vulnerability affects unknown code of the component ZIP Package Handler. The manipulation of the argument dir leads to information disclosure. The attack can be initiated remotely. The complexity of an attack ...

6.5CVSS6.6AI score0.0082EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:2 a.m.11 views

CVE-2023-33977

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

8.1CVSS7AI score0.0087EPSS
Exploits1References1
Rows per page
Query Builder