Where
-Infinity
0

Trending

Last week
Last month
Last year

IBM watsonx.data intelligence29 vulnerabilities

First published (updated )
Advisory
IBM-7270923

Vulnerabilities found

Risk 36
Severity
6.2
First published (updated )
CVE-2025-36335

flatted: Prototype Pollution via parse()

Risk 61
Severity
8.9
EPSS
0.03%
First published (updated )
CVE-2026-33228

undici is vulnerable to Unhandled Exception in undici WebSocket Client Due to Invalid server_max_window_bits Validation

Risk 43
Severity
7.5
First published (updated )
CVE-2026-2229

undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1528

undici is vulnerable to CRLF Injection via upgrade option

Risk 30
Severity
4.6
First published (updated )
CVE-2026-1527

undici is vulnerable to Unbounded Memory Consumption in undici WebSocket permessage-deflate Decompression

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1526

undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Risk 86
Severity
9.8
First published (updated )
CVE-2026-1525

fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

Risk 43
Severity
9.3
EPSS
0.04%
First published (updated )
CVE-2026-25896

Swiper has a Prototype Pollution Vulnerability

Risk 57
Severity
9.4
EPSS
0.06%
First published (updated )
CVE-2026-27212

minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern

Risk 33
Severity
8.7
EPSS
0.05%
First published (updated )
CVE-2026-26996

Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution

Risk 87
Severity
10
First published (updated )
CVE-2025-14009

node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction

Risk 38
Severity
7.1
EPSS
0.01%
First published (updated )
CVE-2026-26960

Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-24734

qs's arrayLimit bypass in comma parsing allows denial of service

Risk 31
Severity
6.3
EPSS
0.02%
First published (updated )
CVE-2026-2391

Pillow has an out-of-bounds write when loading PSD images

Risk 61
Severity
8.9
EPSS
0.02%
First published (updated )
CVE-2026-25990

cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Risk 33
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-26007

Axios affected by Denial of Service via __proto__ Key in mergeConfig

Risk 31
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-25639

IBM WebSphere Application Server Liberty Path Traversal

Risk 60
Severity
7.6
First published (updated )
CVE-2025-14914

fast-xml-parser has RangeError DoS Numeric Entities Bug

Risk 31
Severity
7.5
EPSS
0.03%
First published (updated )
CVE-2026-25128

Buffer Overflow

Risk 86
Severity
6.9
First published (updated )
CVE-2026-1188

node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal

Risk 38
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-24842

Python-Multipart has Arbitrary File Write via Non-Default Configuration

Risk 65
Severity
8.6
Exploited
EPSS
0.02%
First published (updated )
CVE-2026-24486

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

Risk 47
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-24400

Denial of Service in Python Protobuf

Risk 43
Severity
8.2
First published (updated )
CVE-2026-0994

node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS

Risk 46
Severity
8.8
EPSS
0.01%
First published (updated )
CVE-2026-23950

node-tar Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

Risk 36
Severity
8.2
EPSS
0.01%
First published (updated )
CVE-2026-23745

Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue th…

Risk 31
Severity
7.5
EPSS
0.05%
First published (updated )
CVE-2026-21945

XSS, CRLF Injection

Risk 27
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2026-21933

Desktop.browse() will run a program if the URI is a filename while the documentation says that the d…

Risk 30
Severity
7.4
EPSS
0.03%
First published (updated )
CVE-2026-21932

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203