CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•30 views

CVE-2026-7253 IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway

5.3CVSS0.00184EPSS

CVE•added 4 days ago•20 views

CVE-2026-7253

The CVE-2026-7253 issue affects IBM Watson Speech Services Cartridge (Sterling File Gateway) and is a Server-Side Request Forgery (SSRF) due to a flaw that allows an authenticated attacker to send unauthorized requests from the system, potentially enabling network enumeration. Affected versions a...

5.3CVSS5.8AI score0.00184EPSS

EUVD•added 4 days ago•8 views

EUVD-2026-38266

5.3CVSS5.8AI score0.00184EPSS

IBM Security Bulletins•added 2026/06/18 7:35 p.m.•6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

5.3CVSS5.3AI score0.00184EPSS

IBM Security Bulletins•added 2026/06/10 6:6 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

7.5CVSS6.6AI score0.00882EPSS

IBM Security Bulletins•added 2026/06/09 3:44 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is...

9.8CVSS6.9AI score0.00611EPSS

IBM Security Bulletins•added 2026/06/09 3:40 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz Vulnerability Details CVEID:CVE-2026-31808 DESCRIPTION: file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type...

5.3CVSS5.5AI score0.00325EPSS

IBM Security Bulletins•added 2026/06/09 3:39 p.m.•6 views

Security Bulletin:IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.7AI score0.00421EPSS

Exploits8Affected Software1

IBM Security Bulletins•added 2026/06/09 3:28 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

9.8CVSS6.8AI score0.01026EPSS

IBM Security Bulletins•added 2026/06/09 3:26 p.m.•11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not...

6.1CVSS5AI score0.00258EPSS

IBM Security Bulletins•added 2026/06/09 3:24 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

8.2CVSS6.1AI score0.00276EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2026/06/09 3:22 p.m.•6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization...

6.1CVSS7.4AI score0.00284EPSS

IBM Security Bulletins•added 2026/06/09 3:16 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.3AI score0.00399EPSS

IBM Security Bulletins•added 2026/06/09 3:13 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

7.9CVSS6.2AI score0.00317EPSS

IBM Security Bulletins•added 2026/06/09 3:11 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...

9.1CVSS5.4AI score0.00251EPSS

IBM Security Bulletins•added 2026/06/09 3:7 p.m.•6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writ...

9.3CVSS5.4AI score0.00337EPSS

IBM Security Bulletins•added 2026/06/09 2:59 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...

6.9CVSS5.4AI score0.00263EPSS

IBM Security Bulletins•added 2026/06/09 2:57 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...

6.3CVSS5.5AI score0.00351EPSS