Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:43 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling (CVE-2026-29181)

Summary There are vulnerabilities in go.opentelemetry.io/otel-v1.37.0, go.opentelemetry.io/otel-v1.38.0, go.opentelemetry.io/otel-v1.40.0 used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-29181. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-29181...

7.5CVSS5.3AI score0.00435EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:29 p.m.13 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Cross-Site Scripting.

Summary compiler-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-32635. Vulnerability Details CVEID:CVE-2026-32635 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to...

9CVSS5.7AI score0.00339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:27 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Regular Expression Denial of Service.

Summary picomatch-2.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33671, CVE-2026-33672. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression...

7.5CVSS5.7AI score0.00412EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:24 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Uncontrolled Resource Consumption.

Summary brace-expansion-2.0.2.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33750. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and...

7.5CVSS5.4AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:22 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by command injection.

Summary glob-10.4.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64756. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command...

7.5CVSS6.5AI score0.03092EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:20 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Regular Expression Denial of Service.

Summary minimatch-9.0.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS5.4AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:19 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by Uncontrolled Resource Consumption.

Summary netty-codec-4.1.127.Final.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-42583. Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocate...

7.5CVSS5.3AI score0.00429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:16 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary IBM Java is used by IBM Sterling Connect:Direct Web Services CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007, CVE-2026-6918. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily...

8.7CVSS5.4AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:15 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...

8.2CVSS5.5AI score0.00312EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 4:9 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-2200...

8.7CVSS5.4AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:14 a.m.11 views

Security Bulletin: IBM Engineering Systems Design Rhapsody TestConductor was affected by CVE-2025-48924

Summary IBM Engineering Systems Design Rhapsody TestConductor was vulnerable to an uncontrolled recursion on very long inputs. This could cause components using Apache Commons Lang to stop. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

5.3CVSS6.2AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:3 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-40192, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40192 DESCRIPTION: Pillow is a Python imaging...

8.7CVSS7.3AI score0.00671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 6:17 a.m.4 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605

Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-1605, CVE-2026-1605 is a high-severity vulnerability in the Eclipse Jetty web server caused by improper resource management in the GzipHandler component. IBM Engineering Systems Design Rhapsody has resolve...

7.5CVSS5.2AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 6:17 a.m.4 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143

Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...

6.5CVSS6.8AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 6:16 a.m.6 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925

Summary Security Bulletin: IBM Engineering Systems Design Rhapsody was using Older version of Java which as per Oracle's January 2026 Critical Patch Update, all affecting Oracle Java SE and related GraalVM runtimes. Collectively, they highlight weaknesses in how Java handles untrusted code,...

7.5CVSS6AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 5:19 a.m.4 views

Security Bulletin: Security vulnerability has been identified in dojo library shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2018-1000665)

Summary Security vulnerability has been addressed in IBM Guardium Key Lifecycle Manager SKLM/GKLM Vulnerability Details CVEID:CVE-2018-1000665 DESCRIPTION: Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and...

6.1CVSS6.3AI score0.01286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 5:12 a.m.8 views

Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION:...

9CVSS6AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 5:8 a.m.5 views

Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-9330 DESCRIPTION:...

9CVSS6.2AI score0.00508EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 4:54 a.m.6 views

Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM...

9.1CVSS5.1AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:52 p.m.44 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for May 2026

Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.1.1 IF002 Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands...

9.1CVSS8.7AI score0.00967EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 8:51 p.m.6 views

Security Bulletin: Qiskit SDK is vulnerable to specific functions may recurse too deeply and overflow the available stack space, when encountering certain classical expressions.

Summary The functions qiskit.qasm2.load and qiskit.qasm2.loads may recurse too deeply and overflow the available stack space, when encountering certain classical expressions. Vulnerability Details CVEID:CVE-2026-4870 DESCRIPTION: IBM Qiskit SDK could allow an attacker to trigger a segmentation...

7.5CVSS5.4AI score0.00268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:2 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...

8.6CVSS7.9AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:1 p.m.7 views

Security Bulletin: Arbitrary File Write and Remote Code Execution Vulnerability in Langflow v2 API

Summary IBM Langflow Desktop contains a critical vulnerability in its v2 API file handling mechanism where the POST /api/v2/files/ endpoint improperly processes multipart upload filenames without sanitization, allowing path traversal and arbitrary file write outside intended directories; this fla...

6.5CVSS6.5AI score0.00275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:0 p.m.6 views

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

6.5CVSS5.5AI score0.00275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:59 p.m.8 views

Security Bulletin: Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint

Summary IBM Langflow Desktop contains a vulnerability in its image retrieval functionality where the GET /api/v1/files/images/flowid/filename endpoint fails to enforce authentication and ownership validation, allowing any unauthenticated user to access image files by supplying a valid flow...

7.5CVSS5.2AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:58 p.m.9 views

Security Bulletin: Langflow OSS Unauthenticated IDOR on Image Downloads

Summary Langflow OSS versions 1.0.0 - 1.8.4 are affected by an insecure direct object reference vulnerability in the image download endpoint due to missing authentication and authorization checks. The images endpoint serves image files without verifying user identity or ownership. An user who get...

7.5CVSS5.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:54 p.m.8 views

Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...

5.8CVSS6.2AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:50 p.m.11 views

Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

7.5CVSS6.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:47 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...

7.3CVSS7.1AI score0.00358EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 3:36 p.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed

Summary Vulnerabilities have been identified in HTML / XSS Injection, which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2025-33128 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to cross-site scripting. This...

5.4CVSS4.8AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 11:10 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-27139 DESCRIPTION: On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference ...

9.8CVSS7AI score0.02415EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 11:1 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior...

9.3CVSS5.2AI score0.00838EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:57 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

9.8CVSS7AI score0.00745EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:29 a.m.8 views

Security Bulletin: Multiple vulnerabbilities exist in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager IP Edition core components

Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 17.0.18.0, which is used by IBM Tivoli Network Manager IP Edition v4.2 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access...

7.5CVSS5AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 9:16 a.m.7 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...

7.5CVSS5.5AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 8:19 a.m.8 views

Security Bulletin: The IBM Common Licensing product using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

7.6CVSS5.1AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:35 a.m.8 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Java SE (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933).

Summary IBM Event Streams is affected by multiple vulnerabilities in Java SE. These vulnerabilities could allow a remote attacker to cause a denial of service condition, bypass security restrictions, or perform unauthorized operations on data processed by affected Java components. Vulnerability...

7.5CVSS5.4AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:30 a.m.6 views

Security Bulletin: IBM Event Processing is affected by Multiple vulnerabilities

Summary IBM Event Processing is affected by Multiple vulnerabilities and were addressed in IBM Event Processing version 1.5.3 Vulnerability Details CVEID:CVE-2026-27148 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions...

9.6CVSS6.1AI score0.00683EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:52 a.m.5 views

Security Bulletin: IBM TRIRIGA Cross-Site Scripting Vulnerability

Summary IBM TRIRIGA is affected by a Cross-Site Scripting XSS vulnerability that could allow a remote authenticated user to inject malicious script into a web page viewed by other users. Successful exploitation could result in execution of arbitrary script within the victim's browser session. IBM...

5.4CVSS5AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:40 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

9.1CVSS6AI score0.01736EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 2:27 a.m.12 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.3 Vulnerability Details CVEID:CVE-2026-42245 DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4,...

9.8CVSS7AI score0.61469EPSS
Exploits40Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 1:5 a.m.5 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2026-45740 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth...

9.8CVSS7.4AI score0.00808EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:29 p.m.5 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Java that is shipped with TXSeries for Multiplatforms

Summary Multiple security vulnerabilities may affect IBM Java that is shipped with TXSeries for Multiplatforms CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007. An update to TXSeries for Multiplatforms has been released to address these vulnerabilitie...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:28 p.m.4 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced

Summary Multiple security vulnerabilities may affect IBM Java that is shipped with IBM CICS TX Advanced CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerabili...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:27 p.m.4 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2026-3621).

Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2026-3621. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2026-362...

7.5CVSS5.4AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:25 p.m.5 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).

Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-3621. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION:...

7.5CVSS5.4AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:17 p.m.6 views

Security Bulletin: The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2026-34480, CVE-2026-34477, CVE-2026-34478, CVE-2026-34479).

Summary The Apache Log4J 2 package that is shipped with IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability, an Improper Validation of Certificate with Host Mismatch vulnerability and an Improper Output Neutralization for Logs vulnerability CVE-2026-34480,...

7.5CVSS6.4AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:11 p.m.5 views

Security Bulletin: The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability (CVE-2025-48924).

Summary The Apache Commons Lang library that is shipped with IBM ApplinX is vulnerable to an Uncontrolled Recursion vulnerability CVE-2025-48924. The version of the Apache Commons Lang library that is shipped with IBM ApplinX has been updated in order to address the vulnerability. Vulnerability...

5.3CVSS6.2AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 4:26 p.m.5 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty ( CVE-2026-41417 )

Summary IBM App Connect for Manufacturing is vulnerable to CRLF Injection due to Netty. Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via...

5.3CVSS6.8AI score0.00307EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608