Lucene search
K

35778 matches found

IBM Security Bulletins
IBM Security Bulletins
added 4 days ago7 views

Security Bulletin: Vulnerability in IBM Operator for PostgreSQL

Summary A vulnerability was addressed in IBM Operator for PostgreSQL version v28.4.0. Vulnerability Details CVEID:CVE-2026-25680 DESCRIPTION: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CWE:CWE-400: Uncontrolled Resource Consumption CVSS Source:...

6.5CVSS6.2AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago8 views

Security Bulletin: IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow (CVE-2026-13473)

Summary IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow due to unchecked string copy operations in IBM Storage Protect Snapshot for Windows Standalone Configuration. Vulnerability Details CVEID:CVE-2026-13473 DESCRIPTION: IBM Storage Protect is vulnerable to a heap-based...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v...

9.3CVSS6.2AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-40181 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3,...

9.3CVSS6.2AI score0.00745EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago5 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IF2 Vulnerability Details CVEID:CVE-2026-8368 DESCRIPTION: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response...

9.8CVSS6.6AI score0.00695EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS7.5AI score0.27095EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to pyOpenSSL

Summary pyOpenSSL is used by IBM Cloud Pak for Data System 1.0 as a Python wrapper around the OpenSSL library for TLS/SSL functionality. Multiple vulnerabilities affect pyOpenSSL. CVE-2026-27448 involves improper handling of unhandled exceptions in the settlsextservernamecallback callback, which...

9.8CVSS6.2AI score0.00704EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago4 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty (CVE-2026-50010,CVE-2026-50020,CVE-2026-45416 & CVE-2026-44249)

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...

8.1CVSS6.2AI score0.00573EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago6 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.20 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS6.4AI score0.00393EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago6 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3.22 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS6.3AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago8 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.28 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS6.3AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago4 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.40 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...

8.1CVSS6.7AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Multiple Vulnerabilities in Axios bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the Axios library, which is susceptible to proxy bypass, SSRF, prototype pollution, bypasses application-level authentication, denial of service, vulnerabilities CVE-2026-39865,...

7.5CVSS6.2AI score0.025EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Vulnerability in node-tar bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the node-tar library, which is susceptible to a Path Traversal vulnerability during archive extraction. When default configurations are used, an attacker-controlled archive can create a hardlink inside the extraction...

7.1CVSS6AI score0.00288EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Multiple Vulnerabilities in Minimatch bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the minimatch library, which is susceptible to multiple Denial of Service DoS vulnerabilities due to algorithmic inefficiencies and catastrophic regular expression backtracking. A remote attacker could exploit these...

8.7CVSS5.9AI score0.00519EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster...

7.1CVSS6.2AI score0.0036EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Multiple vulnerabilities in IBM Software Support App

Summary Multiple vulnerabilities were addressed in IBM Software Support App Version 4.1.1 Vulnerability Details CVEID:CVE-2026-53550 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml...

9.8CVSS6.7AI score0.00409EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Broken Access Control Vulnerabilities in Langflow 1.0.0 - 1.8.4 File Handling API Allowed Unauthorized Access to User Files

Summary Two broken access control vulnerabilities in Langflow's file handling API allowed unauthorized access to user files. The first vulnerability CVE-TBD-1 in the GET /api/v1/files/images/flowid/filename endpoint lacked authentication requirements, allowing any unauthenticated attacker with...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago5 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i

Summary IBM Rational Developer for i is affected by a prototype pollution vulnerability in Axios CVE-2026-42033, an allocation without limits vulnerability in Axios CVE-2026-42034, an improper neutralization vulnerability in Axios CVE-2026-42035, an allocation without limits vulnerability in Axio...

10CVSS6.8AI score0.00808EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System

Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...

9.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago7 views

Security Bulletin: IBM z/TPF Development is affected by multiple vulnerabilities

Summary Multiple vulnerabilities were identified in the open-source package axios version 1.15.2, which provides the HTTPS/HTTP client used by the IBM z/TPF Development extension. Fixes for these vulnerabilities were made available in axios version 1.17.0. Additionally, a vulnerability was...

8.7CVSS7.2AI score0.01041EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Vulnerability in Axios affect IBM Cloud Pak System

Summary Due to the use of Axios, vulnerability was addressed in IBM Cloud Pak System version 2.3.5.1 Vulnerability Details CVEID:CVE-2026-44495 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollutio...

7CVSS6AI score0.00495EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

7.5CVSS5.9AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versio...

7.5CVSS5.9AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

7.5CVSS5.9AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1933 DESCRIPTION: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks,...

9.8CVSS6.9AI score0.12797EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM Planning Analytics Local is affected by security vulnerabilities

Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These vulnerabilities have been addressed in IBM Planning Analytics Local v2.0 - IBM Planning Analytics Workspace version 2.1.22. Vulnerability Details CVEID:CVE-2025-68161...

8.8CVSS6.7AI score0.00743EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM i is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to partial denial-of-service DoS CVE-2026-22021, CVE-2026-22018 and unauthorized access to data CVE-2026-22016, CVE-2026-22013,...

7.5CVSS6.4AI score0.00702EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago5 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System

Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...

8.3CVSS7.5AI score0.01744EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM Operational Decision Manager for May 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take contr...

8.7CVSS7.7AI score0.01125EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site request forgery vulnerability

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a cross-site request forgery vulnerability CVE-2026-8408 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tomcat-embed-core-10.1.54.jar which is vulnerable to CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515.

Summary IBM Maximo Application Suite - Monitor Component uses tomcat-embed-core-10.1.54.jar which is vulnerable to CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41293...

9.8CVSS5.9AI score0.01339EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago7 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

9.8CVSS6.5AI score0.00847EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago5 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise Webapps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise Webapps version 1.0.4 Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. Th...

7.6CVSS7.5AI score0.0041EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 5 days ago3 views

Security Bulletin: Due to use of IBM Storage Protect, IBM Cloud Pak System is affected by vulnerability [CVE-2026-13463]

Summary Vulnerabilities was addressed in IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2026-13463 DESCRIPTION: IBM Storage Protect could allow a local attacker to obtain sensitive information due to the insertion of credentials into log files. CWE:CWE-798: Use of Hard-code...

5.9AI score
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide...

9.8CVSS7.4AI score0.00252EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS5.9AI score0.0016EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Nomad vulnerable to sandbox escape in Docker task driver

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This...

8.7CVSS5.9AI score0.00316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Consul-template is vulnerable to path redirection in writeToFile through symlink attack

Summary The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in...

4.7CVSS5.8AI score0.00105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty (bundled with IBM Enterprise Application Runtimes) are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago10 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Tivoli Monitoring's zlib library is affected by a security vulnerability.

Summary A vulnerable version of zlib library which is included as part of IBM Tivoli Monitoring ITM have been remediated. Vulnerability Details CVEID:CVE-2026-4176 DESCRIPTION: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerabl...

9.8CVSS7.2AI score0.00676EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Nomad Docker driver Linux host namespace bypass

Summary HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other...

7.7CVSS5.9AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Denial of service via crafted push/pull gossip message in memberlist

Summary HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-1436...

4.9CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Jackson Data Binding, Micrometer, Keycloak Policy Enforcer, Apache CXF Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cau...

8.1CVSS5.9AI score0.00695EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago26 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...

7.5CVSS6.2AI score0.00478EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35778