5614 matches found
CVE-2026-11712
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:22+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 08:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpq3olhqew23 2026-07-03 10:07:39+00:00| seen|...
CVE-2026-11708
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:19+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 07:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mppzywkxsk2r 2026-07-03 10:11:27+00:00| seen|...
CVE-2026-11546
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:02+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 10:11:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcm5w3m52i...
IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)
The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...
CVE-2026-11541 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...
CVE-2026-11806
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
CVE-2026-13759
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...
CVE-2026-11708
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...
CVE-2026-11712
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
CVE-2026-11546
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled...
CVE-2026-11546
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery (SSRF) vulnerability when the adminCenter-1.0 feature is enabled (CVE-2026-11546). Affected product versions and the root cause are described in IBM’s advisory: the vulnerability can im...
CVE-2026-11708
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...
CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...
EUVD-2026-40395
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...
CVE-2026-11714
IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...
CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
EUVD-2026-40394
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...
CVE-2026-13772 IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...
CVE-2026-13773 IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...
Security Bulletin: IBM WebSphere Application Server is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)
Summary IBM WebSphere Application Server is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details CVEID:CVE-2026-11712 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console help system...