Lucene search
+L

5152 matches found

Cvelist
Cvelist
added 2026/02/17 6:53 p.m.31 views

CVE-2025-36019 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.1CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 6:53 p.m.22 views

CVE-2025-36019

IBM Concert Z hub framework (versions 1.0.0 through 2.1.0) is affected by a cross-site scripting vulnerability enabling an unauthenticated attacker to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. Remediation recommended in PT...

6.1CVSS6.9AI score0.00162EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.11 views

PT-2026-20243

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform versions 3.0.0.0 through 3.0.5.4 Interim Fix 027 Description The software is susceptible to cross-site scripting. An unauthenticated attacker can embed...

6.1CVSS5.1AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/05 1:23 a.m.9 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS4.9AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/02/04 9:15 p.m.9 views

CVE-2023-38017

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.3CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 8:44 p.m.3 views

CVE-2023-38017 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.3CVSS5AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/02/04 8:44 p.m.18 views

CVE-2023-38017

CVE-2023-38017 affects IBM Cloud Pak System and related IBM Cloud Pak components, with a cross-site scripting vulnerability in the Web UI that could allow arbitrary JavaScript execution and credentials disclosure in a trusted session. Publicly documented details show affected versions for IBM Clo...

5.3CVSS5AI score0.00285EPSS
Exploits0References1Affected Software2
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.8 views

CVE-2025-36436

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS7AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 11:16 p.m.5 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS5.5AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 11:16 p.m.10 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 10:12 p.m.34 views

CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 10:12 p.m.33 views

CVE-2025-36033

CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...

5.4CVSS5AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.12 views

PT-2026-5896

Name of the Vulnerable Software and Affected Versions IBM Engineering Lifecycle Management - Global Configuration Management versions 7.0.3 through 7.0.3 Interim Fix 017 IBM Engineering Lifecycle Management - Global Configuration Management versions 7.1.0 through 7.1.0 Interim Fix 004 Description...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References6
OSV
OSV
added 2026/02/02 11:15 p.m.12 views

CVE-2025-36436

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

5.4CVSS6.8AI score0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 9:51 p.m.4 views

CVE-2025-36436 Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS5AI score0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 9:51 p.m.4 views

CVE-2025-36436

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS5AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/02 9:51 p.m.32 views

CVE-2025-36436 Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/02/02 9:51 p.m.17 views

CVE-2025-36436

CVE-2025-36436 affects IBM Cloud Pak for Business Automation (CPBA). The vulnerability is a stored cross-site scripting (XSS) flaw in the Web UI that can be triggered by an authenticated user, potentially allowing arbitrary JavaScript execution and credential disclosure within a trusted session. ...

6.4CVSS5AI score0.0021EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.15 views

PT-2026-5701

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS5AI score0.0021EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/24 9:15 a.m.18 views

CVE-2026-0767

Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploit this vulnerability. The specific flaw...

6.5CVSS5.5AI score0.00241EPSS
Exploits1References1
Rows per page
Query Builder