Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:38 p.m.6 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server

Summary Due to use of the Undertow web server, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability. CVE-2024-4027 Vulnerability Details CVEID:CVE-2024-4027 DESCRIPTION: A flaw was found in Undertow. Servlets using a method that calls...

7.5CVSS5.8AI score0.00575EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:32 p.m.8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Axios HTTP client library

Summary Due to use of the Axios HTTP client library, DevOps Test Performance and Rational Performance Tester contain a potentil denial of service DoS vulnerability. CVE-2026-25639 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5CVSS6.9AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:11 p.m.5 views

Security Bulletin: DevOps Test Performance and Rational Performance Tester contains a vulnerabilty related to use of the qs library

Summary Due to use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerabiity. CVE-2025-15284 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP...

6.3CVSS6.5AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:4 p.m.5 views

Security Bulletin: DevOps Test Performance contains a potential denial of service (DoS) vulnerability

Summary Due to the use of the minimatch library, DevOps Test Performance and Rational Performance Tester contain a potential denial of Service vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into...

8.7CVSS6.5AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:0 p.m.2 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the minimatch library

Summary Due to the use of the minimatch library, DevOps Test Performance and Rational Performance Tester contain potential denial of service DoS vulnerabilities. CVE-2026-26996 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob...

8.7CVSS6.5AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 12:55 p.m.9 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the logback-core library

Summary Due to use of the logback-core library, DevOps Test Performance and Rational Performance Tester contain a potential Arbitrary Code Execution ACE vulnerability. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core ...

1.8CVSS5.8AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 8:37 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...

9.8CVSS7.7AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 8:27 a.m.4 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in pythonmultipart. CVE-2026-24486 vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version...

8.6CVSS6.7AI score0.02228EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 7:5 a.m.7 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-13333)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

4.9CVSS5.7AI score0.0031EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:3 a.m.9 views

Security Bulletin: Segmentation Fault Vulnerability in Rust time crate on Unix Systems (v0.2.7–v0.2.22) affects watsonx.data

Summary A vulnerability in the Rust time crate v0.2.7–v0.2.22 can cause segmentation faults on Unix-like systems when environment variables are set from a different thread. Windows and WebAssembly targets are unaffected. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2020-26235...

5.3CVSS6AI score0.01881EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:2 a.m.7 views

Security Bulletin: Use-After-Free Vulnerability in c-ares read_answers() Function (v1.32.3–v1.34.4) affects watsonx.data

Summary CVE-2025-31498 - A use-after-free vulnerability exists in c-ares v1.32.3–v1.34.4 within the readanswers function. It can occur when processanswer re-enqueues queries under certain DNS conditions, potentially leading to crashes or unexpected behavior. This can affect watsonx.data...

8.3CVSS6.7AI score0.00555EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:1 a.m.8 views

Security Bulletin: runc File Descriptor Leak Leads to Container Escape Vulnerability (Fixed in 1.1.12), affects watsonx.data

Summary runc ≤ 1.1.11 contains a file descriptor leak vulnerability that can allow container processes to access the host filesystem, leading to potential container escape and host compromise. Fixed in version 1.1.12. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21626...

8.6CVSS6.9AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:0 a.m.6 views

Security Bulletin: tough-cookie Prototype Pollution Vulnerability in CookieJar, affects watsonx.data

Summary ough-cookie versions prior to 4.1.3 are vulnerable to prototype pollution when using CookieJar with rejectPublicSuffixes=false due to improper object initialization. Fixed in version 4.1.3. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of t...

9.8CVSS6.7AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:59 a.m.11 views

Security Bulletin: XSS Vulnerability in React Router meta()/Meta APIs During SSR, affects watsonx.data

Summary React Router @remix-run/react 1.15.0–2.17.0, react-router 7.0.0–7.8.2 is vulnerable to XSS in meta/Meta APIs when generating script:ld+json tags in Framework Mode. Arbitrary JavaScript could execute during SSR if untrusted content is used. No impact occurs in Declarative Mode BrowserRoute...

8.2CVSS6.6AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:45 a.m.9 views

Security Bulletin: Decompression Bomb Vulnerability in urllib3 affects watsonx.data

Summary urllib3 versions ≥1.24 and 2.6.0 are vulnerable to unbounded decompression chains. A malicious server can trigger excessive CPU and memory usage by sending many nested compression steps. The issue is fixed in version 2.6.0. This can affect watsonx.data. Vulnerability Details...

8.9CVSS6.9AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:33 a.m.13 views

Security Bulletin: Decompression Bomb Vulnerability in Undic, affects watsonx.data

Summary Undici versions prior to 7.18.0 and 6.23.0 are vulnerable to unbounded decompression chains. Malicious servers can exploit this to trigger high CPU usage and excessive memory allocation due to thousands of compression steps. This can affect watsonx.data. Vulnerability Details...

7.5CVSS6.6AI score0.00433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:32 a.m.8 views

Security Bulletin: Eclipse Jetty HTTP/2 DoS Vulnerability affects watsonx.data

Summary A flaw in the Eclipse Jetty HTTP/2 server implementation causes improper cleanup of connections when handling invalid HTTP/2 requests. When malformed or invalid requests are received, the server fails to correctly release active connections and associated resources. This can affect...

7.5CVSS7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 5:1 p.m.13 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to lz4 and Apache Log4j (CVE-2025-12183, CVE-2025-66566 & CVE-2025-68161 )

Summary Users of Kafka features in IBM App Connect Enterprise and IBM Integration Bus for z/OS and the jdbcConnector in IBM App Connect Enterprise are vulnerable to multiple vulnerabilities due to lz4 and Apache Log4j. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory...

8.8CVSS6.8AI score0.00743EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 4:52 p.m.10 views

Security Bulletin: Improper Host Header Validation in Undertow HTTP Server Enables Cache Poisoning and Session Hijacking affects watsonx.data

Summary A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed...

9.6CVSS7.3AI score0.01179EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 4:36 p.m.7 views

Security Bulletin: IBM Operations Analytics – Log Analysis is affected by a security feature bypass due to Azure SDK for Java

Summary Azure SDK for Java is used by IBM Operations Analytics – Log Analysis as part of secure, asynchronous messaging and event streaming over AMQP Advanced Message Queuing Protocol. CVE‑2020‑16971. Vulnerability Details CVEID:CVE-2020-16971 DESCRIPTION: Azure SDK for Java Security Feature Bypa...

9.1CVSS7.1AI score0.0359EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 10:57 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

9.8CVSS6AI score0.00808EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 10:21 a.m.14 views

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 24 (4.2.0.24)

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 24 4.2.0.24 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSO...

9.8CVSS7.3AI score0.02164EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 9:55 a.m.4 views

Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-25193 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...

5.5CVSS6.6AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/09 8:23 a.m.11 views

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to two security vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a Use of Hard-coded Cryptographic Key vulnerability CVE-2025-12635 and an Improper Neutralization of Input During Web Page...

9.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:0 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published...

5.5CVSS5.9AI score0.00216EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 4:6 p.m.10 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to use of Bytes (CVE-2026-25541)

Summary IBM DataPower Gateway uses Bytes in the 'Gateway Peering' feature, and in 10.6.0 and 10.6CD only the 'GitOps' feature. Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to...

7.5CVSS5.8AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 3:58 p.m.6 views

Security Bulletin: EDB PGAI Databases is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI Databases 18.0. It has been addressed in 18.2. Hence, IBM strongly recommends upgrading to 18.2. Vulnerability Details CVEID:CVE-2024-25260 DESCRIPTION: elfutils v0.189 was discovered to contain a NULL pointer dereference via the handleverdef...

6.1CVSS5.1AI score0.004EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 2:13 p.m.4 views

Security Bulletin: Security vulnerability has been detected in IBM Security Verify Directory (Container) (CVE-2025-36074)

Summary Security vulnerability has been addressed in IBM Security Verify Directory Container Vulnerability Details CVEID:CVE-2025-36074 DESCRIPTION: IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious fil...

7.2CVSS5.8AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 2:10 p.m.12 views

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...

9.4CVSS6.4AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 2:10 p.m.6 views

Security Bulletin: Security vulnerability was found in IBM WebSphere Application Server provided with IBM Security Verify Directory (CVE-2025-7962)

Summary Security vulnerability was addressed in WebSphere Application Server provided with IBM Security Verify Directory Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate...

7.5CVSS6.5AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 2:6 p.m.8 views

Security Bulletin: Security vulnerability was found in IBM Security Directory Integrator (CVE-2024-28765)

Summary Security vulnerability has been addressed in the IBM Security Directory Integrator Vulnerability Details CVEID:CVE-2024-28765 DESCRIPTION: IBM Security Directory Integrator could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in...

5.3CVSS5.8AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 12:18 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library

Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...

7.5CVSS6.2AI score0.00562EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 12:14 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the lodash JavaScript library

Summary Due to use of the lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 11:49 a.m.4 views

Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site scripting and arbitrary code execution

Summary IBM Tivoli Application Dependency Discovery Manager bundles WebSphere Application Server Liberty, vulnerabilities have been remediated in an efix Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

7.6CVSS6.1AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:48 a.m.7 views

Security Bulletin: Certificate Name Constraints Bypass via Wildcard SANs affects watsonx.data

Summary Improper enforcement of certificate name constraints allows wildcard SANs e.g., .example.com to bypass excluded subdomain restrictions e.g., test.example.com, potentially enabling unauthorized certificate usage.This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-61727...

7.5CVSS7AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:47 a.m.4 views

Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data

Summary Expr prior to v1.17.7 is vulnerable to a Denial-of-Service DoS due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...

7.5CVSS7AI score0.00377EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:47 a.m.8 views

Security Bulletin: Fulcio OIDC Token Parsing DoS Vulnerability in extractIssuerURL affects watsonx.data

Summary ulcio prior to 1.8.3 is vulnerable to a Denial-of-Service DoS issue where malicious OIDC tokens containing excessive period characters can trigger high memory allocation during parsing. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-66506 DESCRIPTION: Fulcio is a...

7.5CVSS5.9AI score0.00191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:46 a.m.5 views

Security Bulletin: jose4j JWE Decompression DoS Vulnerability (Fixed in 0.9.6), affects watsonx.data

Summary n jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time...

7.5CVSS5.9AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:45 a.m.8 views

Security Bulletin: MCP Python SDK DNS Rebinding Vulnerability in HTTP Servers (Fixed in 1.23.0) affects watsonx.data

Summary The MCP Python SDK mcp prior to 1.23.0 did not enable DNS rebinding protection by default for HTTP-based servers. This could allow a malicious website to bypass same-origin policies and send requests to a local MCP server running without authentication. This can affect watsonx.data...

8.1CVSS5.8AI score0.00463EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:44 a.m.11 views

Security Bulletin: LangChain Serialization Injection Vulnerability in dumps()/dumpd() (Fixed in 0.3.81 / 1.2.5) affects watsonx.data

Summary A serialization injection vulnerability in LangChain's dumps and dumpd functions pre-0.3.81 / 1.2.5 allows user-controlled data with 'lc' keys to be deserialized as objects. This issue is fixed in versions 0.3.81 and 1.2.5. This can affect watsonx.data. Vulnerability Details...

9.3CVSS7AI score0.1383EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:42 a.m.6 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in OWASP Java HTML Sanitizer via HtmlPolicyBuilder noscript/style Tags (v20240325.1), affects watsonx.data

Summary A vulnerability in OWASP Java HTML Sanitizer v20240325.1 allows Cross-Site Scripting XSS when HtmlPolicyBuilder permits noscript or style tags with allowTextIn. Unsanitized CSS or unexpected tags can be exploited by attackers. No patch is available at the time of this publication. This ca...

8.6CVSS5.9AI score0.00226EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:31 a.m.8 views

Security Bulletin: Session Cookie Exposure via Improper Cache Handling in Flask (≤ v2.3.1, ≤ v2.2.4), affects watsonx.data

Summary A vulnerability in Flask ≤ v2.3.1, ≤ v2.2.4 can cause session cookies to be exposed when responses are cached by a proxy. This occurs if sessions are permanent but not accessed during a request, combined with default cache settings. The issue is fixed in versions 2.3.2 and 2.2.5. This can...

7.5CVSS7.1AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 9:12 a.m.9 views

Security Bulletin: Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) and an 'Injection' vulnerability (CVE-2026-27727).

Summary Due to the use of Apache Tomcat and mchange-commons-java, IBM ApplinX is vulnerable to Improper Input Validation vulnerablities CVE-2025-66614, CVE-2026-24733, CVE-2026-24734 and an Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'...

9.8CVSS7.3AI score0.00812EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:45 a.m.6 views

Security Bulletin: Log Injection Vulnerability in orydolphin/flask-cors (Debug Logging) affects watsonx.data

Summary A vulnerability in orydolphin/flask-cors allows attackers to inject malicious log entries when debug logging is enabled. By sending specially crafted requests containing CRLF sequences, an attacker can corrupt or forge log entries, potentially obscuring other attacks or disrupting log...

7.5CVSS5.9AI score0.00677EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:43 a.m.49 views

Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data

Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...

8.7CVSS6AI score0.00454EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:42 a.m.9 views

Security Bulletin: Dynamic XSS Vulnerability in GraphiQL via Malicious Schema Introspection Responses (Pre-v1.4.7) watsonx.data

Summary All versions of GraphiQL before 1.4.7 are vulnerable to a dynamic XSS flaw triggered by malicious schema introspection responses or crafted type names, potentially allowing code injection during autocomplete—especially in custom setups where the schema endpoint can be user-controlled. Thi...

7.1CVSS7.1AI score0.01032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:41 a.m.18 views

Security Bulletin: High Resource Consumption Vulnerability in urllib3 Streaming API Due to Improper Handling of Highly Compressed Data (≤ v2.6.0) affects watsonx.data

Summary A vulnerability in the urllib3 Streaming API versions 1.0 through 2.6.0 allows highly compressed HTTP responses to be decompressed in a way that can consume excessive system resources. When processing compressed data e.g., gzip or brotli, the library may fully decompress a small input int...

8.9CVSS6.8AI score0.00633EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:41 a.m.6 views

Security Bulletin: Signature Verification Bypass Vulnerability in auth0/node-jws (HS256, ≤ v3.2.2 & v4.0.0) affects watsonx.data

Summary A vulnerability in auth0/node-jws allows attackers to bypass signature verification when using the HS256 algorithm under certain conditions. The issue occurs when applications rely on user-controlled data for HMAC secret lookup during verification. This can affect watsonx.data...

7.5CVSS5.8AI score0.002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:40 a.m.5 views

Security Bulletin: Cookie Parsing Vulnerability in Werkzeug Allows Subdomain Cookie Injection (≤ v2.2.2), affects watsonx.data

Summary A vulnerability in Werkzeug prior to v2.2.3 allows malicious subdomains to inject crafted "nameless" cookies that are incorrectly parsed as valid cookies. This can cause applications to accept attacker-controlled values, potentially leading to security issues. This can affect watsonx.data...

8CVSS6.8AI score0.03397EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:40 a.m.11 views

Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data

Summary A vulnerability in TensorFlow Keras v2.13 allows malicious .keras model files to trigger arbitrary local file reads, Server-Side Request Forgery SSRF, and potential code execution during model loading—even when safemode=True is enabled. The issue arises from improper handling of external...

9.8CVSS7.1AI score0.01745EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35596