13262 matches found
EUVD-2026-38346
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server...
CVE-2026-10852
IBM i 7.3–7.6 and IBM WebSphere Application Server/Liberty are affected by CVE-2026-10852, a denial-of-service in the WebSphere WebServer Plug-in when crafted requests are sent. Root cause cited: NULL Pointer Dereference (CWE-476). CVSS 3.1 base score 5.9 (Network, High attack complexity, No priv...
CVE-2026-9071
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-9320
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-9006
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
CVE-2026-8646
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...
CVE-2026-8858
IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the applicatio...
CVE-2026-10845
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...
EUVD-2026-38254
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-9320
Summary: CVE-2026-9320 affects IBM WebSphere Application Server (Traditional 9.0 and 8.5) and WebSphere Application Server Liberty (17.0.0.3–26.0.0.6). A denial of service results from processing a specially crafted request, which can cause memory resource exhaustion. Impact: server unavailabilit...
CVE-2026-9320 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
EUVD-2026-38253
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
CVE-2026-9071
CVE-2026-9071 affects IBM WebSphere Application Server 9.0 and 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. It is a denial-of-service vulnerability caused by processing a specially crafted request, which can cause the server to consume memory resources (CVSS Base 7.5, Availabi...
EUVD-2026-38252
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure...
CVE-2026-9006
CVE-2026-9006 affects IBM WebSphere Application Server 8.5 and 9.0, where the Ajax Proxy configuration enables server-side request forgery (SSRF). The underlying issue allows an attacker to send unauthorized requests from the server, potentially causing a security bypass or information disclosure...
CVE-2026-8646 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...
EUVD-2026-38251
IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...
CVE-2026-8646
CVE-2026-8646 affects IBM WebSphere Application Server 9.0, 8.5, and WebSphere Application Server Liberty 17.0.0.3–26.0.0.6. The vulnerability is HTTP request smuggling, allowing a remote attacker to bypass security controls, spoof identity, escalate privileges, and expose sensitive information. ...
EUVD-2026-38288
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications...
CVE-2026-10845
CVE-2026-10845 affects IBM WebSphere Application Server 8.5 and 9.0, where an authentication bypass could allow a remote attacker to gain unauthorized access to JAX-WS applications. The root cause is an authentication bypass vulnerability in these WAS components, exposing potential impact on conf...