Lucene search
K

5614 matches found

Circl
Circl
added 2026/07/02 8:28 a.m.8 views

CVE-2026-11712

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:22+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 08:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpq3olhqew23 2026-07-03 10:07:39+00:00| seen|...

9.3CVSS5.9AI score0.00217EPSS
Exploits0References4
Circl
Circl
added 2026/07/02 8:28 a.m.8 views

CVE-2026-11708

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:19+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 07:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mppzywkxsk2r 2026-07-03 10:11:27+00:00| seen|...

9.3CVSS5.9AI score0.00217EPSS
Exploits0References3
Circl
Circl
added 2026/07/02 8:28 a.m.10 views

CVE-2026-11546

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:02+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 10:11:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcm5w3m52i...

9.8CVSS5.9AI score0.00222EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...

7.5CVSS6AI score0.0046EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 8:56 p.m.28 views

CVE-2026-11541 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...

7.4CVSS0.00418EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11806

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.5CVSS0.00472EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

8.8CVSS0.00303EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.8 views

CVE-2026-11712

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:51 p.m.7 views

CVE-2026-11546

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:51 p.m.11 views

CVE-2026-11546

IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery (SSRF) vulnerability when the adminCenter-1.0 feature is enabled (CVE-2026-11546). Affected product versions and the root cause are described in IBM’s advisory: the vulnerability can im...

9.8CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:47 p.m.7 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:45 p.m.38 views

CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:44 p.m.6 views

EUVD-2026-40395

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:44 p.m.17 views

CVE-2026-11714

IBM WebSphere Application Server Liberty versions 17.0.0.3 through 26.0.0.7 are affected by a server-side request forgery (SSRF) vulnerability in the apiDiscovery-1.0 feature. The issue is identified as CVE-2026-11714; IBM’s bulletin reports CVSS v3.1 base score 8.5 (PR:L, S:C, C:H/I:L/A:N). The ...

9.8CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:43 p.m.40 views

CVE-2026-11806 IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS0.00472EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:43 p.m.7 views

EUVD-2026-40394

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled...

7.2CVSS5.9AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:21 p.m.37 views

CVE-2026-13772 IBM WebSphere eXtreme Scale's OQL is affected by remote code execution

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks SELECT NEW, enum literals, and reflection-based comparators; an authenticated remo...

7.5CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:20 p.m.36 views

CVE-2026-13773 IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.stringtoobject on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

6CVSS0.03415EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 5:25 p.m.4 views

Security Bulletin: IBM WebSphere Application Server is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details CVEID:CVE-2026-11712 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console help system...

9.3CVSS5.6AI score0.00474EPSS
Exploits0Affected Software1
Rows per page
Query Builder