51236 matches found
Binary-Exploitation-and-Reverse-Engineering
Binary Exploitation & Reverse Engineering Lab Hands-on memory...
CVE-2026-13311
A flaw was found in the shell-quote component. An attacker who can supply a specially crafted string to the parse function can exploit an inefficiency in how the component processes input. This can cause the single-threaded Node.js event loop to be blocked for an extended period, leading to a...
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli Monitoring (ITM) pattern type (itm pType), and IBM Cloud Pak System DB2 pattern type (db2 pType) shipped with Cloud Pak System. Vulnerabilities we...
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary Due to use of Apache Commons BeanUtils, IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed the vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...
Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp wi...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System
Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacke...
Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow a Regular Expression Denial of Service (ReDoS) attack
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41848 DESCRIPTION: Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring (ITM) pattern types (pTypes) shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...
Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type (db2 pType) shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...
Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Netty, Picomatch. Vulnerabilities include stack-based buffer overflow, improper encoding or escaping of output, deserialization of untrusted data, improper restriction of operations within the bounds of a memo...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186
Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called wit...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...
Security Bulletin: IBM MQ Appliance is affected by a Linux kernel vulnerability (CVE-2024-41073)
Summary IBM MQ appliance has addressed a Linux kernel vulnerability. Vulnerability Details CVEID:CVE-2024-41073 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fai...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918)
Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Security Bulletin: IBM MQ Appliance appliance is affected by multiple Java vulnerabilities
Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability...
Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Storage Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler...
Security Bulletin: Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS
Summary Langflow OSS contains an unauthenticated access vulnerability in /api/v1/buildpublictmp/ router endpoints allowing arbitrary jobid access without authentication or authorization checks. Two endpoints affected: (1) GET /buildpublictmp/jobid/events (chat.py:758) streams live build events for any...