Lucene search

13 matches found

IBM Security Bulletins
added 2026/01/06 6:19 a.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate with watsonx Assistant Cartridge is vulnerable to HTTP Request Smuggling due to aiohttp

Summary: aiohttp is used by IBM watsonx Orchestrate with watsonx Assistant Cartridge as a part of wxo-server-server image. Vulnerability Details: IBM X-Force ID: 275957. DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sendin...

AI score: 6.7
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/26 11:5 a.m. | 4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in llama_index-0.12.29-py3-none-any.whl

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of llama_index-0.12.29-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2025-1793. DESCRIPTION: Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabiliti...

CVSS: 9.8 | AI score: 8 | EPSS: 0.00581
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/09/20 11:38 a.m. | 12 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl. Vulnerability Details: CVEID: CVE-2025-2099. DESCRIPTION: A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00507
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/09/20 11:33 a.m. | 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar. Vulnerability Details: CVEID: CVE-2025-49146. DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...

CVSS: 8.2 | AI score: 6.5 | EPSS: 0.00461
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/20 11:27 a.m. | 26 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz. Vulnerability Details: CVEID: CVE-2025-48997. DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00368
Exploits: 0 | Affected Software: 1

OSV
added 2025/08/30 1:15 p.m. | 5 views

CVE-2025-0165

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.0037
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/30 12:47 p.m. | 2 views

CVE-2025-0165 IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS: 7.6 | AI score: 6.8 | EPSS: 0.0037
Exploits: 0 | References: 1

Cvelist
added 2025/08/30 12:47 p.m. | 8 views

CVE-2025-0165 IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection

IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS: 7.6 | EPSS: 0.0037
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/08/27 2:44 a.m. | 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in helpers-7.24.0.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of helpers-7.24.0.tgz. Vulnerability Details: CVEID: CVE-2025-27789. DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular...

CVSS: 6.2 | AI score: 8.8 | EPSS: 0.00478
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/08/27 2:42 a.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl. Vulnerability Details: CVEID: CVE-2024-12797. DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the...

CVSS: 6.3 | AI score: 7.6 | EPSS: 0.02357
Exploits: 0 | Affected Software: 1

CNNVD
added 2025/04/16 12:0 a.m. | 4 views

WordPress plugin Live Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00358
Exploits: 0 | References: 1

Positive Technologies
added 2024/10/05 12:0 a.m. | 4 views

PT-2024-32604 · WordPress · Wpdeveloper Essential Blocks For Gutenberg

Name of the Vulnerable Software and Affected Versions: WPDeveloper Essential Blocks for Gutenberg versions through 4.8.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means th...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00241
Exploits: 0 | References: 6

Patchstack
added 2024/09/30 10:59 a.m. | 5 views

WordPress Essential Blocks plugin <= 4.8.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Savphill (Patchstack Alliance) in WordPress Plugin Essential Blocks for Gutenberg (versions <= 4.8.4)...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00241
Exploits: 0 | Affected Software: 1