Lucene search

2897 matches found

Nuclei
added yesterday | 55 views

IBM Maximo Asset Management Information Disclosure - XML External Entity Injection

IBM Maximo Asset Management is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. id: CVE-2020-4463 info: name: IBM Maximo Asset Management Information...

8.2 CVSS | 7.3 AI score | 0.3159 EPSS
Exploits 1 | References 5

IBM Security Bulletins
added 2026/06/15 10:3 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...

8.7 CVSS | 7.3 AI score | 0.00485 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/11 3:44 p.m. | 4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033

Summary IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5 CVSS | 7.7 AI score | 0.00421 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2026/06/10 2:8 p.m. | 4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

7.5 CVSS | 5.5 AI score | 0.00496 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/10 12:21 p.m. | 4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3...

6.1 CVSS | 7.4 AI score | 0.00284 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/03 2:54 p.m. | 6 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621.

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty...

7.5 CVSS | 5.8 AI score | 0.00276 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/03 7:21 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

4.8 CVSS | 5.8 AI score | 0.00112 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/03 7:19 a.m. | 16 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

9.8 CVSS | 6.9 AI score | 0.00469 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/03 7:18 a.m. | 23 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...

9.8 CVSS | 7.5 AI score | 0.01026 EPSS
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2026/06/02 2:59 p.m. | 9 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-29063)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty i used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

9.8 CVSS | 5.7 AI score | 0.00611 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/02 12:17 p.m. | 8 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, axios-1.13.5.tgz, protobufjs-7.3.2.tgz and axios-1.15.0.tgz which are vulnerable to CVE-2026-34073, CVE-2026-39892, CVE-2025-62718, CVE-2026-40175, PSIRT-WS-2026-0004, CVE-2026-41242, CVE-2026-42033,...

7.5 CVSS | 6.2 AI score | 0.00421 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2026/06/02 9:1 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty was affected by prototype pollution vulnerability due to immutable CVE-2026-29063. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

9.8 CVSS | 6.8 AI score | 0.00611 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 12:27 p.m. | 8 views

Security Bulletin: There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41988)

Summary There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

3.2 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 12:27 p.m. | 8 views

Security Bulletin: There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41305)

Summary There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an...

6.1 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 12:17 p.m. | 23 views

Security Bulletin: There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41238)

Summary There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are...

6.9 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 11:47 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539

Summary IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security fla...

4.8 CVSS | 5.4 AI score | 0.00156 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 11:47 a.m. | 13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907

Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...

9.3 CVSS | 5.8 AI score | 0.00337 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 10:47 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects ...

7.5 CVSS | 5.8 AI score | 0.00296 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 8:35 a.m. | 8 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses fast-xml-parser-5.3.6.tgz, mlflow-3.9.0rc0-py3-none-any.whl, bcpkix-jdk18on-1.79.jar, pythonmultipart-0.0.24-py3-none-any.whl, bcprov-jdk18on-1.79.jar, spring-security-core-6.5.9.jar, spring-boot-autoconfigure-3.5.13.jar, spring-web-6.2.17.jar,...

9.8 CVSS | 5.9 AI score | 0.00494 EPSS
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2026/06/01 8:30 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

7.5 CVSS | 5.9 AI score | 0.0043 EPSS
Exploits 0 | Affected Software 1