CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4254 matches found

CVE-2025-36221

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

7.5CVSS5.5AI score0.00044EPSS

Exploits0References1

IBM Security Bulletins•added yesterday•3 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not...

9.9CVSS7.6AI score0.00069EPSS

Exploits1Affected Software1

IBM Security Bulletins•added yesterday•5 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 2 Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The...

9.8CVSS7AI score0.00044EPSS

Exploits1Affected Software1

IBM Security Bulletins•added yesterday•4 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git

Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in simple-git. CVE-2026-6951 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-6951 DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code...

9.8CVSS6.4AI score0.00157EPSS

Exploits1Affected Software1

IBM Security Bulletins•added yesterday•9 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios. CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

10CVSS5.7AI score0.00202EPSS

Exploits12Affected Software2

IBM Security Bulletins•added yesterday•3 views

Security Bulletin: IBM watsonx.ai on Cloud Pak for Data is vulnerable to python-Python-3.12.0b4 (Publicly disclosed vulnerability found by Mend) due to python pip package ( CVE-2023-5752, PRISMA-2022-0168)

Summary IBM watsonx.ai on Cloud Pak for Data internally uses CVE-2023-5752 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...

5.5CVSS6.5AI score0.00075EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 5 days ago•10 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom. CVE-2026-34601 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

7.5CVSS5.7AI score0.00019EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/05/28 9:55 p.m.•8 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.6.21 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.6.21 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2024-45310 DESCRIPTION: runc is a C...

8.8CVSS7.9AI score0.02889EPSS

Exploits8Affected Software2

RedhatCVE•added 2026/05/28 8:13 p.m.•8 views

CVE-2026-7876

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

9.1CVSS5.8AI score0.00037EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/28 1:52 p.m.•4 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in path-to-regexp. CVE-2026-4867 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

7.5CVSS5.8AI score0.00018EPSS

Exploits0Affected Software2

IBM Security Bulletins•added 2026/05/28 1:50 p.m.•8 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in path-to-regexp. CVE-2026-4923, CVE-2026-4926 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple...

7.5CVSS6.3AI score0.00019EPSS

Exploits0Affected Software2

IBM Security Bulletins•added 2026/05/28 12:49 a.m.•11 views

Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...

10CVSS7.7AI score0.00944EPSS

Exploits9Affected Software1

CVE•added 2026/05/27 1:56 p.m.•7 views

CVE-2026-7876

CVE-2026-7876 is an authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I). Affected CP4I HSTS versions are 1.5.1–1.5.19. The vulnerability (CWE-287) could allow a transfer client to access files in the server’s local storage that should be restricted....

9.1CVSS5.8AI score0.00037EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/27 1:56 p.m.•36 views

CVE-2026-7876 Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

0.00037EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 1:56 p.m.•5 views

CVE-2026-7876 Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00037EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 1:56 p.m.•7 views

CVE-2026-7876

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00037EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/27 1:56 p.m.•5 views

EUVD-2026-32506

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00037EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•7 views

PT-2026-43986

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19...

5.8AI score0.00037EPSS

Exploits0References2

IBM Security Bulletins•added 2026/05/26 9:30 p.m.•8 views

Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration CP4I 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

9.1CVSS5.8AI score0.00037EPSS

Exploits0Affected Software1

NVD•added 2026/05/26 5:16 p.m.•8 views

CVE-2025-36220

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

9.8CVSS0.00049EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by