Lucene search
K

1615 matches found

OSV
OSV
added 2026/02/17 8:22 p.m.4 views

CVE-2025-27904

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

6.5CVSS5.7AI score0.00112EPSS
Exploits0References1
NVD
NVD
added 2026/02/17 8:22 p.m.8 views

CVE-2025-27898

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 7:50 p.m.27 views

CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

5.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/17 7:48 p.m.5 views

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

6.8CVSS5.5AI score0.00137EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/17 7:35 p.m.6 views

CVE-2025-27901

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system,...

6.5CVSS5.4AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/17 7:30 p.m.4 views

CVE-2025-27904

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

6.5CVSS5.5AI score0.00112EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20231

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software does not invalidate sessions after a timeout. This could allow an authenticated user to impersonate another user on the system. Recommendations At the moment,...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20233

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software contains a flaw that could enable a remote attacker to carry out phishing attacks through an open redirect. A crafted website can be used to exploit this issu...

6.8CVSS5.8AI score0.00137EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20232

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.11 views

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 跨站脚本漏洞

IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform is a payment integration and processing platform provided by IBM. Version 3.0.0.0 to 3.0.5.4 Interim Fix 027 of IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform contain...

6.1CVSS5.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.5 views

PT-2026-20235

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX, and Windows transmits data over a cleartext communication channel. This could allow an attacker to intercept sensitive information...

5.9CVSS5.4AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20243

Name of the Vulnerable Software and Affected Versions IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform versions 3.0.0.0 through 3.0.5.4 Interim Fix 027 Description The software is susceptible to cross-site scripting. An unauthenticated attacker can embed...

6.1CVSS5.1AI score0.00172EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/09 4:51 p.m.7 views

Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

Summary Fixes to common vulnerabilities discovered in IBM Db2 Merge Backup for Linux, UNIX and Windows v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33130 DESCRIPTION: IBM Db2 Merge Backup for Linux, UNIX and Windows could allow an authenticated user to cause the...

7.5CVSS5.9AI score0.0024EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/03 11:16 p.m.4 views

CVE-2025-36094

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to the improper validation of input length...

8.1CVSS5.8AI score0.00215EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:12 p.m.3 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS4.9AI score0.00136EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/02 9:51 p.m.28 views

CVE-2025-36436 Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...

6.4CVSS0.0021EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 5:24 p.m.7 views

Security Bulletin: Security vulnerability in Apache Commons Lang may affect IBM Business Automation Workflow - CVE-2025-48924

Summary IBM Business Automation Workflow packages a vulnerable copy of the Apache Commons Lang open source library. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.4AI score0.02164EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 4:15 p.m.18 views

Security Bulletin: Denial of Service vulnerability in axios may affect IBM Business Automation Workflow - CVE-2025-58754

Summary IBM Business Automation Workflow packages a vulnerable version of the axios library. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:13 p.m.11 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a privileged user to...

7.6CVSS6.5AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:24 p.m.11 views

Security Bulletin: Security vulnerability in min-document may affect IBM Business Automation Workflow - CVE-2025-57352

Summary IBM Business Automation Workflow packages a vulnerable copy of min-document. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION: A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttribute...

5.3CVSS6.1AI score0.00329EPSS
Exploits0Affected Software1
Rows per page
Query Builder