CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

126005 matches found

IBM Security Bulletins•added 2026/05/04 2:24 p.m.•5 views

Security Bulletin: Zip Slip path traversal vulnerability in jaraco.context affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential Zip Slip path traversal vulnerability in jaraco.context has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for...

8.6CVSS5.7AI score0.00527EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2026/05/04 2:23 p.m.•3 views

Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800.

Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2026-2950, CVE-2026-4800. This bulletin contains information addressing the vulnerabilities. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier...

9.8CVSS7AI score0.01026EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:8 p.m.•7 views

Security Bulletin: There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-****-*****)

Summary There is a vulnerability in marked-14.0.0.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41680 DESCRIPTION: Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exis...

8.7CVSS5.8AI score0.00342EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/04 2:7 p.m.•5 views

Security Bulletin: There is a vulnerability in lodash-4.17.23.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-2950)

Summary There is a vulnerability in lodash-4.17.23.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions...

9.8CVSS7.1AI score0.01026EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:6 p.m.•14 views

Security Bulletin: There is a vulnerability in jackson-core-2.15.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (WS-2026-0003)

Summary There is a vulnerability in jackson-core-2.15.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters...

5.8AI score

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:5 p.m.•7 views

Security Bulletin: There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-4867)

Summary There is a vulnerability in path-to-regexp-0.1.12.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you have three or more parameters within a single...

7.5CVSS5.8AI score0.00496EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:4 p.m.•4 views

Security Bulletin: There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34073)

Summary There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes...

6.3CVSS5.7AI score0.00154EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:4 p.m.•5 views

Security Bulletin:WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary WebSphere Application Server Liberty could provide weaker than expected security Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected securit...

9.8CVSS5.8AI score0.00173EPSS

Exploits0Affected Software11

IBM Security Bulletins•added 2026/05/04 2:4 p.m.•5 views

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-29371)

Summary WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

7.5CVSS7.2AI score0.00244EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/04 2:3 p.m.•3 views

Security Bulletin: There is a vulnerability in dompurify-3.2.4.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-15599, CVE-2026-0540)

Summary There is a vulnerability in dompurify-3.2.4.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows...

6.1CVSS7.2AI score0.00284EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:3 p.m.•6 views

Security Bulletin: There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33671)

Summary There is a vulnerability in picomatch-2.3.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regula...

7.5CVSS6.1AI score0.00412EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:2 p.m.•7 views

Security Bulletin: WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14914)

Summary WebSphere Application Server Liberty is affected by a remote code execution vulnerability used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could...

7.6CVSS6.6AI score0.0039EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 2:2 p.m.•3 views

Security Bulletin: WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-12635)

Summary WebSphere Application Server Liberty is affected by cross-site scripting used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty...

5.4CVSS5.7AI score0.00139EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 12:51 p.m.•5 views

Security Bulletin:ACE Vulnerability in QOS.CH Logback-core 1.5.24: Class Instantiation via Compromised Configuration File

Summary ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a...

1.8CVSS5.8AI score0.00159EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 12:50 p.m.•7 views

Security Bulletin:Flask Vary Cookie Header Vulnerability: Use of Cache Containing Sensitive Information Fixed in 3.1.3

Summary Flask is a web server gateway interface WSGI web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not t...

4.3CVSS5.8AI score0.00374EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 12:48 p.m.•4 views

Security Bulletin:Werkzeug safe_join function allows path segments with Windows device names containing file extensions or trailing spaces

Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly...

6.3CVSS5.8AI score0.00424EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 12:47 p.m.•6 views

Security Bulletin:Werkzeug Safe Join Function Vulnerability: Path Segments with Windows Device Names Prior to Version 3.1.4

Summary Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory...

6.3CVSS5.9AI score0.00466EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/04 12:46 p.m.•6 views

Security Bulletin:Safe Join Function Vulnerability Fixed in Werkzeug v3.1.6

Summary Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fac...

6.3CVSS5.7AI score0.00556EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/04 12:45 p.m.•9 views

Security Bulletin:Requests SSL Verification Issue Fixed in 2.32.0

Summary Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value ...

5.6CVSS6.6AI score0.00846EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/04 12:43 p.m.•4 views

Security Bulletin:Netty CRLF Injection in HttpRequestEncoder: Request Smuggling Vulnerability Fixed in 4.1.129.Final and 4.2.8.Final

Summary Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when...

6.5CVSS6.5AI score0.00292EPSS

Exploits1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by