Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:30 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy [CVE-2024-45338]

Summary IBM Watson Speech Services Cartridge is vulnerable to slow parsing in golang.org/x/net/proxy, due to non-linearly parsing of input with respect to its length CVE-2024-45338 . Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

5.3CVSS6.5AI score0.00856EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:27 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of Input in golang.org/x/net/proxy, due to matching of hosts against proxy patterns which can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Golang is used in our speech utilities. This...

4.4CVSS6.5AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:23 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Insufficiently Protected Credentials in Requests [CVE-2024-47081]

Summary IBM Watson Speech Services Cartridge is vulnerable to Insufficiently Protected Credentials in Requests, due to a URL parsing issue CVE-2024-47081. Requests is used in our speech runtimes This vulnerabilitiy has been addressed. Please read the details for remediation below. Vulnerability...

5.3CVSS6.2AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:4 p.m.11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Node DOS vulnerability in Kubernetes [CVE-2025-0426]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Node DOS vulnerability in Kubernetes, due to a flaw in the kubelet read-only HTTP endpoint CVE-2025-0426. Kubernetes is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details for remediation...

6.2CVSS6.5AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:3 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in protobuf [CVE-2025-47273]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in Chuck-protobuf, due to a flaw in setuptoolsPackageIndex CVE-2025-47273. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

8.8CVSS7.8AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 2:34 p.m.5 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities.

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by...

8.2CVSS7.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 2:17 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime (CVE-2025-53057, CVE-2025-53066)

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their October 2025 Vulnerability Advisory. For more information please refer to OpenJDK's October 2025 Vulnerability Advisory and the CVE links below. Vulnerability Details...

7.5CVSS7AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 2:11 p.m.12 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2025 Critical Patch Update. For more information please refer to Oracle's October 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...

7.5CVSS7.1AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:43 a.m.4 views

Security Bulletin: IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL

Summary IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL CVE-2025-36249. Vulnerability Details CVEID:CVE-2025-36249 DESCRIPTION: IBM Jazz for Service Management does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to...

5.3CVSS6.5AI score0.00143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:22 a.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.17 LTS and 12.17.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

8.6CVSS6.4AI score0.01185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:20 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to improper access control [CVE-2025-48734]

Summary Apache Commons Beanutils is used by IBM App Connect Enterprise Certified Container when using MQ FTE. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run flows that use MQ FTE are vulnerable to improper access contro...

8.8CVSS7AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:17 a.m.13 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality [CVE-2025-59343]

Summary Node.js module tar-fs is used by IBM App Connect Enterprise Certified Container for processing tar files and streams. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

8.7CVSS6.4AI score0.00516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:14 a.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that use email nodes are vulnerable to loss of confidentiality [GHSA-mm7p-fcc7-pg87]

Summary Node.js module nodemailer is used by IBM App Connect Enterprise Certified Container for processing email in Designer flows that contain an email Node. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run flows...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:14 a.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Oct 2025

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.3 IF001 Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to ru...

7.5CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 11:10 a.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-58754]

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for some HTTP calls. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

7.5CVSS6.3AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 9:12 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to privilege escalation (CVE-2025-33003)

Summary A privilege escalation vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-33003 DESCRIPTION: IBM InfoSphere Information Server could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to executio...

7.8CVSS7.2AI score0.00125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 8:15 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that...

9.8CVSS8.2AI score0.64718EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:34 p.m.6 views

Security Bulletin: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer Endpoint are vulnerable to an interger overflow attack

Summary A vulnerability has been identified in Redis' in-memory data structure store that could lead to remote code execution. This vulnerability has been addressed in IBM Aspera High-Speed Transfer Server v4.4.7 and IBM Aspera High-Speed Transfer Endpoint v4.4.7 and part of the same remediation...

8.8CVSS8.1AI score0.03692EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 6:33 p.m.4 views

Security Bulletin: IBM Tivoli Monitoring is vulnerable to unauthenticated file read and write operations

Summary The KT1 component of ITM/ITCAM Agents, hereafter referred to as simply Agents, provides the ability to read from and write to the local file system. This facility is utilised by features such as SDA, Self-Describing Agent, which ensures that updates to a product's application support file...

9.8CVSS6.4AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 6:5 p.m.5 views

Security Bulletin: IBM Financial Transaction Manager is impacted by an out-of-bounds read vulnerability in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftphandle function d...

8.1CVSS6.4AI score0.02394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 5:25 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator

Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.0 Vulnerability Details CVEID:CVE-2025-58767 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need ...

9.8CVSS7.6AI score0.06372EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 5:17 p.m.23 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.11.1 Vulnerability Details CVEID:CVE-2025-8129 DESCRIPTION: A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js o...

7.5CVSS6.9AI score0.00868EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 4:3 p.m.4 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to Execution with Unnecessary Privileges, CVE-2025-36137.

Summary IBM Sterling Control Center can apply maintenance to and upgrade IBM Sterling Connect:Direct for UNIX. The Control Center administrator has the option of running pre and post update scripts. Those scripts are run as root; they should be run as the standard user account under which...

7.2CVSS6.8AI score0.00322EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 2:10 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to data corruption due to LZ4 (CVE-2019-17543)

Summary LZ4 is used in multiple components of IBM DataPower Gateway Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This iss...

8.1CVSS7AI score0.09116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 2:8 p.m.7 views

Security Bulletin: IBM DataPower vulnerable to a Denial of Service due to Axios (CVE-2025-58754)

Summary Axios is used in the UI of IBM DataPower and in the gateway director component. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 1:25 p.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF29 patch. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumer...

8.1CVSS6.7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 1:18 p.m.10 views

Security Bulletin: IBM QRadar Hub for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Hub for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP clien...

9.4CVSS6.5AI score0.01735EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:32 a.m.3 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081

Summary IBM Maximo Application Suite - Manage Component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. D...

5.3CVSS6.6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:13 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in nimbus-jose-jwt Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of servic...

5.8CVSS6.5AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:13 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:13 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prio...

7.5CVSS6.6AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:13 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVSS...

6.8CVSS6.5AI score0.0056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:13 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download...

8.8CVSS8.3AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/30 7:12 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch Vulnerability Details CVEID:CVE-2025-2953 DESCRIPTION: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d...

5.5CVSS6AI score0.00237EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:23 p.m.8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by stored Cross-Site Scripting

Summary A vulnerability has been addressed by IBM Engineering Lifecycle Management - Jazz Foundation, related to stored Cross-Site Scripting. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2025-1826 DESCRIPTION: IBM Engineerin...

5.4CVSS6AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:18 p.m.10 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews (CVE-2025-2139) and comments (CVE-2025-2138), email spoofing (CVE-2025-2140) and DoS attacks (CVE-2025-33096)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Broken Access Control for reviews CVE-2025-2139 and comments CVE-2025-2138, Unrestricted Email Recipients and Sender Spoofing CVE-2025-2140 and Artifact Upload Quote Parsing Allows DoS Attacks CVE-2025-33096. Vulnerabilit...

6.5CVSS6.4AI score0.00279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 6:27 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a deny of service attack due to the Netty package (CVE-2025-55163)

Summary Netty is used by DataStage on Cloud Pak for Data as part of the API processing functionality. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable ...

8.2CVSS6.7AI score0.00979EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 6:26 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Java package (CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106)

Summary Java is used by DataStage on Cloud Pak for Data as part of overall processing functionality. Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...

8.6CVSS6.5AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 6:25 p.m.4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled recursion due to the Apache Commons Lang package (CVE-2025-48924)

Summary Apache Commons Lang is used by DataStage on Cloud Pak for Data as part of API processing functionality. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 11:11 a.m.13 views

Security Bulletin: CVE-2023-39417: Extension script @substitutions@ within quoting allow SQL injection

Summary An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...

8.8CVSS8.9AI score0.01572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:56 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive...

8.2CVSS6.7AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:56 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive...

8.2CVSS6.7AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:55 a.m.31 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

8.7CVSS6.6AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:55 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch Vulnerability Details CVEID:CVE-2025-3730 DESCRIPTION: A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of...

5.5CVSS3.6AI score0.00271EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:55 a.m.309 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47944 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

7.5CVSS7.8AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:55 a.m.18 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and...

7.5CVSS8AI score0.00683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:51 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel requests

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior ...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:51 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credential...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:50 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credential...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:50 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel requests

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel requests Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior ...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608