Lucene search
K

780 matches found

NVD
NVD
added 2026/07/08 4:16 p.m.11 views

CVE-2026-9074

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.8CVSS0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 3:24 p.m.32 views

CVE-2026-9074 IBM API Connect SQL Injection

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS0.00507EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 3:24 p.m.13 views

CVE-2026-9074

IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...

9.8CVSS6AI score0.00507EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/08 3:24 p.m.7 views

EUVD-2026-42307

IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...

9.1CVSS6AI score0.00507EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/08 3:22 p.m.33 views

CVE-2026-3144 IBM API Connect Default Credentials

IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update...

8.1CVSS0.00412EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 3:22 p.m.8 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The issue is the use of default credentials, which could allow an attacker to gain unauthorized access to the application before the system enforces a credential update. Exploitation details or a remediation/fix are not provided in ...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.6 views

PT-2026-56477

Name of the Vulnerable Software and Affected Versions IBM API Connect versions 12.1.0.0 through 12.1.0.3 Description The application uses default credentials, which may allow an attacker to gain unauthorized access before the system requires a credential update. Recommendations Update IBM API...

9.8CVSS6.1AI score0.00412EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 6:33 p.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00808EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/11 11:57 p.m.22 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.3 Vulnerability Details CVEID:CVE-2025-11187 DESCRIPTION: Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer...

9.8CVSS8.1AI score0.47621EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 8:4 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.2 Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable...

7.8CVSS6.7AI score0.87218EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 4:48 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.7 Vulnerability Details CVEID:CVE-2025-12818 DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an...

7.6CVSS7AI score0.03092EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/06 5:13 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...

8.6CVSS6.8AI score0.01082EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:20 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.6 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A loc...

9.8CVSS6.8AI score0.08673EPSS
Exploits7Affected Software1
The Hacker News
The Hacker News
added 2025/12/31 1:37 p.m.9 views

Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915 , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication...

9.8CVSS6.7AI score0.08673EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/27 1:38 p.m.6 views

CVE-2025-13915

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

9.8CVSS7AI score0.08673EPSS
Exploits0References1
OSV
OSV
added 2025/12/26 2:15 p.m.7 views

CVE-2025-13915

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

9.8CVSS5.8AI score0.08673EPSS
Exploits0References1
NVD
NVD
added 2025/12/26 2:15 p.m.6 views

CVE-2025-13915

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

9.8CVSS0.08673EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 1:16 p.m.29 views

CVE-2025-13915 Authentication bypass in IBM API Connect

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application...

9.8CVSS0.08673EPSS
Exploits0References1
CVE
CVE
added 2025/12/26 1:16 p.m.27 views

CVE-2025-13915

IBM API Connect is affected by CVE-2025-13915, a remote authentication bypass in versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The issue allows an unauthenticated attacker to bypass authentication and gain unauthorized access to the application. IBM’s security bulletin recommends upgrading to version...

9.8CVSS6.6AI score0.08673EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/25 2:4 p.m.11 views

Security Bulletin: Authentication bypass in IBM API Connect

Summary Internal testing has revealed a potential authentication bypass in IBM API Connect Vulnerability Details CVEID:CVE-2025-13915 DESCRIPTION: IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. CWE:CWE-305:...

9.8CVSS7AI score0.08673EPSS
Exploits0Affected Software1
Rows per page
Query Builder