Lucene search
+L

85359 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:36 p.m.22 views

Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing...

9.8CVSS7AI score0.41611EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/03 11:6 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...

9.4CVSS7.5AI score0.64718EPSS
Exploits12Affected Software4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55583

Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 Description A remote attacker can send a specifically crafted message to downgrade the Transport Layer Security TLS protocol to a version that has been disabled in the server configuration. This issue involves th...

5.9CVSS5.4AI score0.00405EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 12:55 p.m.7 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net

Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net. CVE-2026-33814 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loo...

7.5CVSS6.6AI score0.00781EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 12:43 p.m.11 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net. CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-39821, CVE-2026-42502, CVE-2026-42506 The vulnerabilities have been addressed. Vulnerability Details...

9.6CVSS6.9AI score0.00478EPSS
Exploits0Affected Software2
Circl
Circl
added 2026/07/02 8:28 a.m.8 views

CVE-2026-11712

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:22+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 08:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpq3olhqew23 2026-07-03 10:07:39+00:00| seen|...

9.3CVSS5.9AI score0.00217EPSS
Exploits0References4
Circl
Circl
added 2026/07/02 8:28 a.m.9 views

CVE-2026-11708

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:19+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 07:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mppzywkxsk2r 2026-07-03 10:11:27+00:00| seen|...

9.3CVSS5.9AI score0.00217EPSS
Exploits0References3
Circl
Circl
added 2026/07/02 8:28 a.m.10 views

CVE-2026-11546

creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:02+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 10:11:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcm5w3m52i...

9.8CVSS5.9AI score0.00222EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:59 p.m.6 views

Security Bulletin: IBM MQ for HPE NonStop is vulnerable to an issue in zlib (CVE-2026-27171)

Summary IBM MQ for HPE NonStop is vulnerable to an issue in versions of zlib, due to excessive CPU consumption when inputs are not properly validated. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because...

5.5CVSS6AI score0.00204EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/07/01 4:43 p.m.11 views

USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities

It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...

9.8CVSS6.8AI score0.00675EPSS
Exploits35References237
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 4:9 p.m.6 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)

Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...

7.5CVSS7.1AI score0.00486EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)

The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...

7.5CVSS5.5AI score0.00549EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 9:16 p.m.10 views

CVE-2025-36359

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...

8.1CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2025-36333

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow...

4.3CVSS0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2025-36321

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00407EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.6 views

CVE-2025-12530

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:56 p.m.29 views

CVE-2026-11541 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...

7.4CVSS0.00418EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:34 p.m.6 views

EUVD-2025-210384

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9CVSS5.8AI score0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:23 p.m.16 views

CVE-2025-36319

CVE-2025-36319 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue allows an authenticated user to trigger a temporary denial of service via a specially crafted HTTP request caused by improper allocation of resource throttling. The connected data sources do no...

4.3CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 8:22 p.m.7 views

EUVD-2025-210382

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.5AI score0.00257EPSS
Exploits0References1
Rows per page
Query Builder