35608 matches found
Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling (CVE-2026-29181)
Summary There are vulnerabilities in go.opentelemetry.io/otel-v1.37.0, go.opentelemetry.io/otel-v1.38.0, go.opentelemetry.io/otel-v1.40.0 used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-29181. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-29181...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Cross-Site Scripting.
Summary compiler-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-32635. Vulnerability Details CVEID:CVE-2026-32635 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Regular Expression Denial of Service.
Summary picomatch-2.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33671, CVE-2026-33672. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Uncontrolled Resource Consumption.
Summary brace-expansion-2.0.2.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33750. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by command injection.
Summary glob-10.4.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64756. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.
Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.
Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.
Summary IBM Java is used by IBM Sterling Connect:Direct Web Services CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.
Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues
Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-2200...
Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924
Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192
Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605
Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605, CVE-2026-1605 is a high-severity vulnerability in the Eclipse Jetty web server caused by improper resource management in the GzipHandler component. IBM Engineering Systems Design Rhapsody has resolve...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143
Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...
Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925
Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was using Older version of Java which as per Oracle's January 2026 Critical Patch Update, all affecting Oracle Java SE and related GraalVM runtimes. Collectively, they highlight weaknesses in how Java handles untrusted code,...
Security Bulletin: Security vulnerability has been identified in dojo library shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-1000665)
Summary Security vulnerability has been addressed in IBM Guardium Key Lifecycle Manager SKLM/GKLM Vulnerability Details CVEID:CVE-2018-1000665 DESCRIPTION: Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION:...
Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-9330 DESCRIPTION:...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026
Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...
Security Bulletin: Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.
Summary The functions qiskit.qasm2.load and qiskit.qasm2.loads may recurse too deeply and overflow the available stack space, when encountering certain classical expressions. Vulnerability Details CVEID:CVE-2026-4870 DESCRIPTION: IBM Qiskit SDK could allow an attacker to trigger a segmentation...
Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...
Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API
Summary IBM Langflow Desktop contains a critical vulnerability in its v2 API file handling mechanism where the POST /api/v2/files/ endpoint improperly processes multipart upload filenames without sanitization, allowing path traversal and arbitrary file write outside intended directories; this fla...
Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization
Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...
Security Bulletin: Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint
Summary IBM Langflow Desktop contains a vulnerability in its image retrieval functionality where the GET /api/v1/files/images/flowid/filename endpoint fails to enforce authentication and ownership validation, allowing any unauthenticated user to access image files by supplying a valid flow...
Security Bulletin: Langflow OSS Unauthenticated IDOR on Image Downloads
Summary Langflow OSS versions 1.0.0 - 1.8.4 are affected by an insecure direct object reference vulnerability in the image download endpoint due to missing authentication and authorization checks. The images endpoint serves image files without verifying user identity or ownership. An user who get...
Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...
Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...
Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...
Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed
Summary Vulnerabilities have been identified in HTML / XSS Injection, which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2025-33128 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to cross-site scripting. This...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-27139 DESCRIPTION: On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference ...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...
Security Bulletin: Multiple vulnerabbilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition core components
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 17.0.18.0, which is used by IBM Tivoli Network Manager IP Edition v4.2 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java
Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...
Security Bulletin: The IBM Common Licensing product using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Java SE (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933).
Summary IBM Event Streams is affected by multiple vulnerabilities in Java SE. These vulnerabilities could allow a remote attacker to cause a denial of service condition, bypass security restrictions, or perform unauthorized operations on data processed by affected Java components. Vulnerability...
Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities
Summary IBM Event Processing is affected by Multiple vulnerabilities and were addressed in IBM Event Processing version 1.5.3 Vulnerability Details CVEID:CVE-2026-27148 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions...
Security Bulletin: IBM TRIRIGA Cross-Site Scripting Vulnerability
Summary IBM TRIRIGA is affected by a Cross-Site Scripting XSS vulnerability that could allow a remote authenticated user to inject malicious script into a web page viewed by other users. Successful exploitation could result in execution of arbitrary script within the victim's browser session. IBM...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...
Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.3 Vulnerability Details CVEID:CVE-2026-42245 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4,...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2026-45740 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth...
Security Bulletin: Multiple security vulnerabilities may affect IBM Java that is shipped with TXSeries for Multiplatforms
Summary Multiple security vulnerabilities may affect IBM Java that is shipped with TXSeries for Multiplatforms CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007. An update to TXSeries for Multiplatforms has been released to address these vulnerabilitie...
Security Bulletin: Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced
Summary Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerabili...
Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2026-3621).
Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2026-3621. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2026-362...
Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).
Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-3621. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION:...
Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).
Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...
Security Bulletin: The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability (CVE-2025-48924).
Summary The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability CVE-2025-48924. The version of the Apache Commons Lang library that is shipped with IBM ApplinX has been updated in order to address the vulnerability. Vulnerability...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty ( CVE-2026-41417 )
Summary IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via...