34915 matches found
Security Bulletin: Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Summary Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch (CVE-2026-33671, CVE-2026-33672)
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Picomatch CVE-2026-33671, CVE-2026-33672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior...
Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)
Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...
Security Bulletin: IBM Financial Transaction Manager v4 is impacted by multiple vulnerabilities in WebSphere Application Server Liberty
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-codec-http
Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain a potential CRLF injection vulnerability. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Host on Demand.
Summary There are vulnerabilities in IBM Semeru Runtime used by Host on Demand. Host on Demand has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...
Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...
Security Bulletin: Buffer overflow vulnerability in OMR affect Rational Business Developer
Summary There are vulnerabilities in Eclipse OMR used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to...
Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2026-1188]
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Content Manager Enterprise Edition for June 2026 - Multiple CVEs
Summary Content Manager Enterprise Edition is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-342...
Security Bulletin: IBM Event Processing is vulnerable to information disclosure (CVE-2025-68429)
Summary IBM Event Processing may be vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to version...
Security Bulletin: Vulnerabilities in openssl affects IBM Netezza Appliance
Summary The openssl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2026-22796, CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419, CVE-2025-69418, CVE-2025-68160, CVE-2025-66199, CVE-2025-15469, CVE-2025-15468, CVE-2025-15467,...
Security Bulletin: InfoSphere Optim Test Data Fabrication is affected by Arbitrary File Read (CVE-2026-3366)
Summary InfoSphere Optim Test Data Fabrication Resource Manager is affected by Arbitrary File Read via Path Traversal CVE-2026-3366. Vulnerability Details CVEID:CVE-2026-3366 DESCRIPTION: IBM InfoSphere Optim Test Data Fabrication could allow a remote attacker to traverse directories on the syste...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.3 Vulnerability Details CVEID:CVE-2025-11187 DESCRIPTION: Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer...
Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities
Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2026-24072 DESCRIPTION: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier...
Security Bulletin: MongoDB Enterprised Advanced affected by: Exposure of Resource to Wrong Sphere and NULL Pointer Dereference (CVE-2026-34765, CVE-2026-34781)
Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34765, CVE-2026-34781. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34765 DESCRIPTION: Electron is a framework for writing...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use After Free (CVE-2026-34764)
Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-34764. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34764 DESCRIPTION: Electron is a framework for writing cross-platform desktop applications...
Security Bulletin: MongoDB Enterprised Advanced affected by: Missing Authorization and Other Issues (CVE-2026-34766 + 13 more)
Summary There are vulnerabilities in electron-37.8.0.tgz used in MongoDB Enterprised Advanced for IBM, involving 14 CVEs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-34766 DESCRIPTION: Electron is a framework for writing cross-platform desktop applications using...
Security Bulletin: MongoDB Enterprised Advanced affected by: Denial of Service Caused by Improper JSON Parser (WS-2026-0003)
Summary There is a vulnerability in jackson-core-2.15.0.jar, jackson-core-2.18.3.jar, jackson-core-2.19.2.jar, jackson-core-2.19.4.jar used in MongoDB Enterprised Advanced for IBM, involving WS-2026-0003. The vulnerability has been addressed. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The...
Security Bulletin: MongoDB Enterprised Advanced affected by: Inefficient Algorithmic Complexity (CVE-2026-27903, CVE-2026-27904)
Summary There are vulnerabilities in minimatch-9.0.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27903, CVE-2026-27904. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utili...
Security Bulletin: MongoDB Enterprised Advanced affected by: react-router-7.11.0.tgz (CVE-2026-21884, CVE-2026-22029, CVE-2026-22030)
Summary There are vulnerabilities in react-router-7.11.0.tgz used in MongoDB Enterprised Advanced for IBM, involving an XSS vulnerability. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-21884 DESCRIPTION: React Router is a router for React. In @remix-run/react version...
Security Bulletin: MongoDB Enterprised Advanced affected by: XML External Entity (XXE) vulnerability (CVE-2026-24400)
Summary There are vulnerabilities in assertj-core-3.27.6.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-24400. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtu...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-27699)
Summary There are vulnerabilities in basic-ftp-5.0.3.tgz, basic-ftp-5.0.5.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27699. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27699 DESCRIPTION: The basic-ftp FTP client library for Node.js...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Input Validation vulnerability (CVE-2025-15284, CVE-2026-2391)
Summary There are vulnerabilities in qs-6.14.0.tgz, qs-6.14.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-15284, CVE-2026-2391. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...
Security Bulletin: IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack ( CVE-2026-1353 )
Summary IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack. Vulnerability Details CVEID:CVE-2026-1353 DESCRIPTION: IBM App Connect Enterprise could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty and jackson-core (CVE-2026-33870, WS-2026-003)
Summary IBM App Connect for Manufacturing is vulnerable to a request smuggling attack and a Denial of Service attack due to Netty and jackson-core. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle.
Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Apache Log4j and Bouncy Castle. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostnam...
Security Bulletin: Multiple Vulnerabilities in watsonx.data
Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 2 version, which were present in different version from watson.data 2.2 to watsonx.dat 2.3 Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2026-21945,CVE-2026-21932,CVE-2026-21933,CVE-2026-21925,CVE-2026-1188)
Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to...
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of the time crate (CVE-2026-25727)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.92.0.0 uses version 0.3.37 of the time crate which is vulnerable to CVE-2026-25727. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47,...
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed in IBM Business Automation Manager Open Editions 8.0.9-IF0001 Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client...
Security Bulletin: @carbon/ai-chat is vulnerable to XSS if Object.prototype has been compromised in assistant provided content due to DOMPurify ( CVE-2026-41238 CVE-2026-41239 CVE-2026-41240)
Summary DOMPurify trusts Object.prototype for security-critical config, which violates the principle that a sanitizer should be robust against a hostile global environment. If Object.prototype has been compromised, DOMPurify may not sanitize HTML propertly. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime (CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-20018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918)
Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their April 2026 Vulnerability Advisory, plus CVE-2026-6918. For more information please refer to OpenJDK's April 2026 Vulnerability Advisory and the CVE links below. Vulnerability...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Directory Traversal due to plexus-utils (CVE-2025-67030)
Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Directory Traversal due to plexus-utils. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in...
Security Bulletin: IBM Automation Decision Services for April 2026- Multiple CVEs addressed
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8....
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Lodash
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Lodash. CVE-2026-2950, CVE-2026-4800 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and...
Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM DevOps Code ClearCase is affected by multiple vulnerabilities.
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2026 Java CPU
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerabilities found in Java SE affect Rational Business Developer
Summary There are vulnerabilities in Java SE including Oracle January 2026 CPU used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused ...
Security Bulletin: Vulnerabilities in IBM Semeru Runtime affect Rational Business Developer.
Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - July 2022. Vulnerability Details CVEID:CVE-2022-21541...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in postcss-8.5.5.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in postcss-8.5.5.tgz Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5....
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token wi...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem
Summary IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem Vulnerability Details CVEID:CVE-2026-35611 DESCRIPTION: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in IBM SDK Java Technology Edition Quarterly CPU
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in IBM SDK Java Technology Edition Quarterly CPU Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.13.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-1669 DESCRIPTION: Arbitrary file read in the model loading mechanism HDF5 integration in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in picomatch-2.3.1.tgz Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service ReDoS...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior t...