Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:44 p.m.9 views

Security Bulletin: Vault Denial of Service Through Complex JSON Payloads

Summary A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to becom...

7.5CVSS6.8AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:43 p.m.9 views

Security Bulletin: Vault Vulnerable to Denial of Service Due to Rate Limit Regression

Summary Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 which allowed for processing JSON payloads before applying rate limits. This vulnerability,...

7.5CVSS6.7AI score0.00517EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:41 p.m.12 views

Security Bulletin: Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries

Summary Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault...

8.1CVSS6.9AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:39 p.m.11 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

9.8CVSS7AI score0.00492EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:20 p.m.7 views

Security Bulletin: Incomplete Fix For Previous Vault DoS Issue

Summary A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to becom...

7.5CVSS6.7AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 6:39 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-41242, CVE-2026-4800) and denial of service (CVE-2026-27141)

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality CVE-2026-41242, CVE-2026-4800 and denial of service CVE-2026-27141. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules protobufjs...

9.8CVSS7.3AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 4:35 p.m.6 views

Security Bulletin: A vulnerability in IBM Semeru affects IBM® Db2®. (Jan 2026 CPU)

Summary There is a vulnerability in IBM Semeru Version 21.0.9.0 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in Jan 2026. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API...

9.8CVSS7.5AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 4:11 p.m.8 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty

Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silent...

9.8CVSS7AI score0.00863EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 4:4 p.m.11 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios CVE-2026-42264, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043,...

10CVSS6AI score0.00838EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:57 p.m.9 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto (CVE-2025-14813, CVE-2026-5598)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in Bouncy Castle Crypto CVE-2025-14813, CVE-2026-5598. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

9.9CVSS7AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:53 p.m.19 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-11187...

9.8CVSS7.5AI score0.47621EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:50 p.m.7 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14915, CVE-2025-14917, CVE-2026-3621, CVE-2026-1561, CVE-2026-29063. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-29063...

9.8CVSS7.3AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:49 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occuring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

7.5CVSS6.9AI score0.00651EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git [CVE-2026-33762]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in go-git, due to a flaw in the index decoder for format version 4 that fails to validate the path name prefix length before applying it to the previously decoded path name CVE-2026-33762. Go-git is used as pa...

2.8CVSS5.7AI score0.00153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:46 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2026-34165]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a flaw which can allow a maliciously crafted .idx file to cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition...

5CVSS7.1AI score0.00147EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:44 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux [CVE-2026-22737]

Summary IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux, where template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views CVE-2026-22737...

5.9CVSS5.9AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:42 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux [CVE-2026-22735]

Summary IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux when using Server-Sent Events SSE CVE-2026-22735. Spring MVC and WebFlux are used in our speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...

2.6CVSS5.7AI score0.00112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:41 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith [CVE-2026-25528]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangSmith, due to a flaw allowing the injection of arbitrary apiurl values through the baggage header, causing the SDK to exfiltrate sensitive trace data to attacker-controlled endpoints CVE-2026-25528...

5.8CVSS7.3AI score0.00282EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:39 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain [CVE-2026-26013]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain, due to a faulty method that fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. CVE-2026-26013. LangChain is used in our speech runtime...

3.7CVSS5.9AI score0.00379EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:38 p.m.7 views

Security Bulletin: IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query (CVE-2026-6938)

Summary IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query Vulnerability Details CVEID:CVE-2026-6938 DESCRIPTION: IBM Db2 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query...

7.5CVSS5.8AI score0.00185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:37 p.m.11 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

7.5CVSS5.8AI score0.00177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:36 p.m.10 views

Security Bulletin: IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables (CVE-2026-6052)

Summary IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables. Vulnerability Details CVEID:CVE-2026-6052 DESCRIPTION: IBM Db2 is vulnerable to running out of memory when executing certain queries with MDC tables. CVSS Source: IBM CVSS Base score: 6.5 CVSS...

7.5CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:36 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module [CVE-2026-27139]

Summary IBM Watson Speech Services Cartridge is vulnerable to path-traversal in golang os module, due to ability of a FileInfo action to reference a file outside of the Root in which the File was opened. CVE-2026-27139. Golang os module is used in our speech utilities. This vulnerabilitiy has bee...

2.5CVSS7.3AI score0.00201EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:35 p.m.12 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables (CVE-2026-6053)

Summary is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. Vulnerability Details CVEID:CVE-2026-6053 DESCRIPTION: IBM Db2 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. CWE:CWE-770:...

5.5CVSS5.8AI score0.00098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:35 p.m.7 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query when running an AUTONOMOUS procedure (CVE-2026-1718)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. Vulnerability Details CVEID:CVE-2026-1718 DESCRIPTION: IBM Db2 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are...

7.5CVSS5.8AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:34 p.m.16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template [CVE-2026-27142]

Summary IBM Watson Speech Services Cartridge is vulnerable to cross-site-scripting in golang Go html/template, due to a flaw which disables escaping of URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0 CVE-2026-27142. Golang Go html/template i...

6.1CVSS7.1AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:32 p.m.18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]

Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...

7.5CVSS7.1AI score0.00728EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:23 p.m.11 views

Security Bulletin: Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service (DoS) vulnerability.

Summary Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service vulnerability. Jackson Core has been updated within CICS Transaction Gateway Desktop Edition in order to address the vulnerability. Vulnerability Details ID:WS-2026-0003...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:23 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in LangChain [CVE-2026-34070]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in LangChain, due to multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection...

7.5CVSS6.1AI score0.01176EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:21 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...

8.7CVSS7AI score0.00671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:16 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK [CVE-2026-33236]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in NLTK Natural Language Toolkit, caused by a NLTK downloader that does not validate the subdir and id attributes when processing remote XML index files CVE-2026-33236. NLTK is used in our speech runtimes. This...

8.1CVSS7.3AI score0.00487EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:13 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON [CVE-2026-32874, CVE-2026-32875]

Summary IBM Watson Speech Services Cartridge is vulnerable to a memory leak or buffer overflow in UltraJSON due to multiple issues CVE-2026-32874, CVE-2026-32875. UltraJSON is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...

7.5CVSS6AI score0.00479EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:11 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures CVE-2026-30922. Pyasn1 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the detail...

7.5CVSS6.6AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:10 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL [CVE-2026-27448, CVE-2026-27459]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL due to a flaw allowing user provided callback to settlsextservernamecallback. This raises an unhandled exception, resulting in connections being accepted that could allow bypassing of security-sensitive...

9.8CVSS5.8AI score0.00704EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:7 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:2 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

8.6CVSS5.8AI score0.00288EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:0 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

8.7CVSS5.8AI score0.00593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:56 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

9.1CVSS5.6AI score0.00318EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:55 p.m.11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]

Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...

7.5CVSS6.6AI score0.00855EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:50 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

7.5CVSS7.2AI score0.00606EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in cbor2 [CVE-2026-26209]

Summary IBM Watson Speech Services Cartridge is vulnerable to adenial of service in cbor2, caused by uncontrolled recursion when decoding deeply nested CBOR structures CVE-2026-26209. Cbor2 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS7AI score0.00417EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:46 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity CVE-2026-4539. Pygments is used in our speech...

4.8CVSS5.3AI score0.00156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:44 p.m.13 views

Security Bulletin: IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability (CVE-2026-8405)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2026-8405 DESCRIPTION: IBM Guardium Data Protection's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.8AI score0.00228EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:27 p.m.12 views

Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway for Multiplatforms.

Summary CICS Transaction Gateway for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2025-15281, CVE-2026-0915, CVE-2025-15366, CVE-2025-15367, CVE-2026-0865, CVE-2026-1299, CVE-2025-14831, CVE-2025-9820, CVE-2025-69419, WS-2026-0003, GHSA-72hv-8253-57qq...

7.5CVSS6.8AI score0.00638EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:0 p.m.14 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-361...

8.8CVSS6.6AI score0.00743EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 12:3 p.m.9 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version cryptography-46.0.5 package is vulnerable to CVE-2026-39892. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.8AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 4:12 a.m.8 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access OIDC Provider

Summary Security vulnerabilities have been addresed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2026-39883 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to...

9.8CVSS5.8AI score0.00605EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 8:13 p.m.12 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in the PostgreSQL JDBC driver and Apache Neethi Vulnerability Details CVEID:CVE-2026-42402 DESCRIPTION: Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Speciall...

7.5CVSS5.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 3:34 p.m.16 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-61726 DESCRIPTION: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally...

10CVSS7.7AI score0.01945EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 3:24 p.m.8 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU for Rational Software Architect Designer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...

7.5CVSS7.1AI score0.00702EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608