CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2025/09/05 11:0 a.m.•6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management ( CVE-2025-33142)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.1AI score0.00252EPSS

IBM Security Bulletins•added 2025/09/05 10:59 a.m.•6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

7.5CVSS8.7AI score0.00399EPSS

IBM Security Bulletins•added 2025/09/05 10:58 a.m.•8 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976)

7.5CVSS7.5AI score0.63258EPSS

Exploits1Affected Software11

IBM Security Bulletins•added 2025/09/01 10:30 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to transformers-4.48.0-py3-none-any.whl CVE-2025-2099. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring...

7.5CVSS7.1AI score0.00511EPSS

IBM Security Bulletins•added 2025/08/04 7:13 a.m.•12 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"

Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...

9.1CVSS6.7AI score0.00759EPSS

IBM Security Bulletins•added 2025/08/04 6:37 a.m.•8 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)

Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...

8.8CVSS7.7AI score0.60841EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2025/08/01 10:47 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...

6.1CVSS6.2AI score0.00559EPSS

IBM Security Bulletins•added 2025/08/01 10:38 a.m.•10 views

Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6.

Summary IBM Maximo Application Suite uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable toCVE-2024-6866, CVE-2024-6839, CVE-2024-6.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors...

7.5CVSS7AI score0.00607EPSS

Exploits3Affected Software1

IBM Security Bulletins•added 2025/08/01 10:33 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...

6.2CVSS6.8AI score0.00478EPSS

IBM Security Bulletins•added 2025/08/01 10:29 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844 Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors version 4.01 contain...

7.5CVSS6.8AI score0.00607EPSS

Exploits3Affected Software1

IBM Security Bulletins•added 2025/08/01 10:28 a.m.•4 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to this CVE-2025-27516

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to this CVE-2025-27516 Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how...

8.8CVSS7.3AI score0.00465EPSS

IBM Security Bulletins•added 2025/07/31 5:40 a.m.•7 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104)

7.6CVSS6.5AI score0.00192EPSS

IBM Security Bulletins•added 2025/07/31 5:37 a.m.•6 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

7.8CVSS7.2AI score0.00749EPSS

IBM Security Bulletins•added 2025/07/29 7:10 p.m.•5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses urllib3 is a user-friendly HTTP client library for Python will remain the vulnerable.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses urllib3 is a user-friendly HTTP client library for Python will remain the vulnerable.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50181...

6.1CVSS6.5AI score0.00341EPSS

IBM Security Bulletins•added 2025/07/29 7:10 p.m.•6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

8.2CVSS6.7AI score0.00281EPSS

IBM Security Bulletins•added 2025/07/23 10:55 a.m.•7 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965.

Summary IBM Maximo Application Suite uses axios-1.7.7.tgz which is vulnerable to CVE-2024-57965. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not u...

9.8CVSS5.3AI score0.00342EPSS

IBM Security Bulletins•added 2025/07/21 8:3 a.m.•4 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

7.5CVSS7AI score0.00399EPSS

IBM Security Bulletins•added 2025/07/21 8:2 a.m.•5 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-56339)

7.5CVSS6.8AI score0.00373EPSS

IBM Security Bulletins•added 2025/07/21 7:44 a.m.•18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)

9.8CVSS7.9AI score0.08023EPSS