4559 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1 [CVE-2026-23490]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1, caused by memory exhaustion from malformed RELATIVE-OID with excessive continuation octets (CVE-2026-23490). Pyasn1 is used in our speech service runtimes. This vulnerability has been addressed. Please rea...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified (CVE-2026-25934). go-git is used as a component of our ibm-watson-speech-catalog...
CVE-2026-31923 Apache APISIX: Openid-connect `tls_verify` field is disabled by default
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...
-liuxin (=1.0.0), -test-bitbucket-branch-manager (=1.0.1) +24814 more potentially affected by CVE-2026-40895 via follow-redirects (>=1.0.0 <=1.15.9)
follow-redirects NPM version =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - 0a =1.0.0 - 0c =1.0.0 and more Source cves: CVE-2026-40895 Source advisory: SNYK:JS-FOLLOWREDIRECTS-16032162...
ai.evolv:ascend-sdk (=0.5.0), app.peac:core (=0.0.1) +2551 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=2.0.0 <=2.12.4)
org.asynchttpclient:async-http-client MAVEN version =2.0.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.7.0, =0.7.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0, =2.2, =2.0, =2.0-RC2 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
Apache Apisix Security Vulnerability
Apache Apisix is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...
Apache Apisix Security Vulnerability
Apache Apisix is a cloud-native microservices API gateway service provided by the Apache Foundation in the United States. This software is implemented based on OpenResty and etcd, featuring dynamic routing and hot loading of plugins. It is suitable for API management within microservice systems...
Docmost Authorization Issue Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.70.0 to 0.70.2 have a vulnerability related to authorization issues. This vulnerability stems from an authorization bypass issue, allowing unauthorized users to enumerate and...
Docmost Security Vulnerability
Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost from 0.3.0 to 0.71.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow users with low privileges to override attachments ...
Fortinet FortiSandbox OS Command Injection Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...
EUVD-2026-21999
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800...
EUVD-2026-21988
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
org.webjars.npm:g-status (=2.0.2), org.webjars.npm:graphql-toolkit__git-loader (=0.7.5) potentially affected by CVE-2022-25860 +1 more via org.webjars.npm:simple-git (>=1.129.0 <=1.132.0)
org.webjars.npm:simple-git MAVEN version =1.129.0, =1.132.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:simple-git and may be impacted: - org.webjars.npm:g-status =2.0.2 - org.webjars.npm:graphql-toolkit__git-loader =0.7.5 Source cves...
CVE-2026-34188 OS Command Injection in Event Response Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30811 Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30806 OS Command Injection in Network Report leads to Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30806
The CVE-2026-30806 entry affects Pandora FMS versions 777–800 and involves Improper Neutralization of Special Elements used in an OS Command vulnerability, enabling OS command injection via the Network Report. The CVE list describes this as leading to Remote Code Execution. No further technical s...
com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-35337 via org.apache.storm:storm-client (>=2.0.0 <=2.8.5)
org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.5 and more Source cves: CVE-2026-35337 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16067036...
Craft Commerce Security Vulnerability
Craft Commerce is an e-commerce platform derived from the open-source Craft CMS. Vulnerabilities exist in versions 4.0.0 to 4.10.2, as well as 5.0.0 to 5.5.4 of Craft Commerce. These vulnerabilities stem from the PaymentsController::actionPay function, which allows order data to be disclosed to...