Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 9:29 a.m.7 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-61795).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability CVE-2025-61795. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper...

5.3CVSS6.6AI score0.01139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 10:12 p.m.5 views

Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

Summary Fixes to common vulnerabilities discovered in IBM Db2 High Performance Unload v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33126 DESCRIPTION: IBM Db2 High Performance Unload could allow an authenticated user to cause the program to crash due to the...

6.5CVSS6.5AI score0.00279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:15 p.m.5 views

Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.

Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...

7.5CVSS6.9AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 7:41 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Controller

Summary Multiple vulnerabilities were addressed in IBM Cognos Controller 11.0.1 FP7 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions th...

8.1CVSS6.3AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:50 p.m.9 views

Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822.

Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57822 DESCRIPTION: Next.js is a React framework for building full-stack web applications...

8.2CVSS6.6AI score0.02328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:49 p.m.11 views

Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752.

Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55173 DESCRIPTION: Next.js is a React framework for building full-stack...

6.2CVSS6.7AI score0.00509EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:48 p.m.6 views

Security Bulletin: IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754.

Summary IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Wh...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:44 p.m.14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350.

Summary IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for...

8.6CVSS6.5AI score0.00292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 5:41 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.

Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 4:17 p.m.20 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...

9.6CVSS7.6AI score0.66535EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 3:39 p.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene

Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purpose. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 11:19 a.m.5 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP compone...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 11:8 a.m.6 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...

9.8CVSS7.1AI score0.00739EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:49 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous,...

8.2CVSS6.6AI score0.00979EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:45 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081.

Summary IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...

5.3CVSS6.6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:44 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...

5.3CVSS6.6AI score0.00431EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:43 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:42 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.7AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:40 a.m.17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.

Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...

5.6CVSS6.4AI score0.00624EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:39 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181.

Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181. This bulletin contains information regarding the vulnerability and its fixture...

6.1CVSS6.5AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:38 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924.

Summary IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

5.3CVSS6.6AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 9:21 a.m.9 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK ( CVE-2025-53066 & CVE-2025-53057 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Access Control and Exposure of Sensitive Information to an Unauthorized Actor due to IBM Java SDK. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related...

7.5CVSS6.2AI score0.00633EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 7:36 a.m.5 views

Security Bulletin: Due to the use of IBM SDK, IBM Sterling Partner Engagement Manager is vulnerable to a Remote Code Execution.

Summary IBM Sterling Partner Engagement Manager uses IBM SDK within the product. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that...

8.1CVSS6AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 7:1 a.m.14 views

Security Bulletin: Due to use of quartz-jobs, IBM Sterling Partner Engagement Manager is vulnerable to a code injection.

Summary IBM Sterling Partner Engagement Managaer uses quartz-jobs, within the product CVE-2025-4447. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component...

9.8CVSS8.5AI score0.01017EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 6:29 a.m.8 views

Security Bulletin: IBM Jazz Reporting Service is affected by improper access control due to Apache Commons

Summary Apache Commons is used internally by IBM Jazz Reporting Service CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers...

8.8CVSS7.1AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 6:25 a.m.8 views

Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.

Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...

9.8CVSS6.6AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/01 3:0 a.m.7 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

5.3CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/30 9:25 p.m.26 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' Internal Dot vulnerability CVE-2025-24813. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path...

10CVSS9.3AI score0.99945EPSS
Exploits46Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/30 8:37 p.m.6 views

Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...

4.8CVSS5.3AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:19 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-55163)

Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...

8.2CVSS6.5AI score0.00979EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:18 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the netty package (CVE-2025-58056)

Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In...

7.5CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:17 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-58057)

Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

7.5CVSS6.3AI score0.00561EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:16 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)

Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...

7.5CVSS6.4AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:15 p.m.11 views

Security Bulletin: Astronomer with IBM is vulnerable to sensitive data leaks or malicious requests due to the Apache tika package (CVE-2025-54988)

Summary Apache tika is used by Astronomer with IBM as part of data parsing functionality. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML...

9.8CVSS6.8AI score0.02962EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:14 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the markdown-it package (CVE-2025-7969)

Summary Markdown-it is used by Astronomer with IBM as part of markdown parsing functionality. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting...

6.9CVSS5.9AI score0.00229EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:13 p.m.50 views

Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2007-2243 DESCRIPTION: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user...

7.8CVSS8.6AI score0.19433EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:11 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to prototype pollution due to the fast-redact package (CVE-2025-57319)

Summary Fast-redact is used by Astronomer with IBM as part of object redaction functionality. Vulnerability Details CVEID:CVE-2025-57319 DESCRIPTION: fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of...

7.5CVSS6.3AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:10 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)

Summary Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

8.7CVSS6.5AI score0.00516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:9 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to object abuse due to Kubernetes (CVE-2025-5187)

Summary Kubernetes is used by Astronomer with IBM as part of service management functionality. Vulnerability Details CVEID:CVE-2025-5187 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node obje...

6.7CVSS6.6AI score0.00434EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:8 p.m.9 views

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

8.7CVSS6.6AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:7 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the jsondiffpatch package (CVE-2025-9910)

Summary Jsondiffpatch is used by Astronomer with IBM as part of JSON processing functionality. Vulnerability Details CVEID:CVE-2025-9910 DESCRIPTION: Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject...

4.7CVSS6.5AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:6 p.m.8 views

Security Bulletin: Astronomer with IBM is vulnerable to arbitrary writes due to the tmp package (CVE-2025-54798)

Summary Tmp is used by Astronomer with IBM as part of the file processing functionality. Vulnerability Details CVEID:CVE-2025-54798 DESCRIPTION: tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory wri...

5.3CVSS6.7AI score0.00309EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:5 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to network segmentation abuse due to the moby package (CVE-2025-54410)

Summary Moby is used by Astronomer with IBM as part of container management. Vulnerability Details CVEID:CVE-2025-54410 DESCRIPTION: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream...

5.2CVSS6.5AI score0.00152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:4 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to session security compromise due to the CIRCL package (CVE-2025-8556)

Summary CIRCL is used by Astronomer with IBM as part of crytographic processing functionality. Vulnerability Details CVEID:CVE-2025-8556 DESCRIPTION: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via...

3.7CVSS6.7AI score0.00452EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:3 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)

Summary Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details CVEID:CVE-2025-59436 DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...

3.2CVSS6.6AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:2 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to improper input validation due to the sha.js package (CVE-2025-9288)

Summary Sha.js is used by Astronomer with IBM as part of the cryptographic processing functionality. Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20:...

9.1CVSS6.6AI score0.00651EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:57 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify

Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

6.1CVSS6.2AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:53 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Open Redirect / Server-Side Request Forgery (SSRF) bypass due to Python

Summary Python is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control...

6.1CVSS6.3AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:36 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...

9.1CVSS6.5AI score0.00724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 11:32 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to ip

Summary ip is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-29415 DESCRIPTION: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...

8.1CVSS6.6AI score0.08279EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608