Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 3:8 p.m.9 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2025-62718 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

9.9CVSS6.2AI score0.01186EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 2:51 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus probes and/or gateways have been addressed. Vulnerability Details CVEID:CVE-2026-21933 DESCRIPTION: Java SE could allow a remote attacker to bypass security controls and...

6.1CVSS6.5AI score0.00261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 1:41 p.m.15 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-44288 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder...

8.8CVSS6.1AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 8:17 a.m.9 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...

9CVSS7AI score0.22709EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 7:23 p.m.24 views

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http

Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential resource exhaustion and denial-of-service DoS vulnerabilities Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...

7.5CVSS6.7AI score0.00561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 7:19 p.m.18 views

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of netty-codec-http

Summary Due to use of netty-codec-http, DevOps Test Performance and Rational Performance Tester contain potential HTTP Request Smuggling and Uncontrolled Resource Consumption vulnerabilities. Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network...

9.8CVSS6AI score0.00863EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 6:30 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2026) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2026. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitab...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 4:42 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2026-5516)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability with the appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details CVEID:CVE-2026-5516 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attack...

5.9CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 3:55 p.m.14 views

Security Bulletin: Unauthenticated File Upload Vulnerability Allows Disk Space Exhaustion and Path Disclosure in Langflow OSS

Summary Unauthenticated users can upload unlimited files to the Langflow OSS server via the deprecated /api/v1/upload/flowid endpoint without authentication or validation, leading to potential disk space exhaustion DoS and information disclosure through absolute file path leakage in API responses...

7.5CVSS5.8AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 3:54 p.m.8 views

Security Bulletin: Path Traversal Vulnerability in File Processing Components Allows Unauthorized File System Access and Potential Remote Code Execution

Summary A path traversal vulnerability exists in multiple Langflow OSS file processing components Docling, Docling Serve, Read File, NVIDIA Retriever Extraction, Video File, and Unstructured API that are based on BaseFileComponent. The vulnerability in the unpackbundle function allows attackers t...

9.8CVSS6.5AI score0.00624EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 3:22 p.m.19 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service (CVE-2026-4410)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Application Server Liberty with the sipServlet-1.1 feature enabled. Vulnerability Details CVEID:CVE-2026-4410 DESCRIPTION: IBM WebSphere Application Server...

7.5CVSS5.8AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 3:14 p.m.13 views

Security Bulletin: IBM Controller is affected by vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross site scripting XSS and server-side request forgery SSRF vulnerabilities. Please refer to the table in the Related Information section for...

9.8CVSS7AI score0.01268EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:43 p.m.89 views

Security Bulletin: Updating IBM WebSphere Liberty Profile in Identity Insight for security update

Summary Identity Insight customers are advised to update IBM WebSphere Liberty Profile WLP to version 26.0.0.4 for security update in WLP. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

9.8CVSS6.9AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:41 p.m.48 views

Security Bulletin: Updating Java in Identity Insight 9.0.0.1 for security update

Summary Identity Insight customers are advised to update OpenJDK 8 to version 8.0.492 for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

8.1CVSS6.8AI score0.01361EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:39 p.m.58 views

Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update

Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19. for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...

8.1CVSS6.8AI score0.01361EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:17 p.m.8 views

Security Bulletin: IBM WebSphere Automation is vulnerable to CVE-2026-35554 which affects the kakfa client library

Summary IBM WebSphere Automation is vulnerable to CVE-2026-35554, which causes a race condition in the Apache Kafka Java producer client's buffer pool management which can cause messages to be silently delivered to incorrect topics. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race...

8.7CVSS6AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 8:1 a.m.19 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a Denial of Service due to jackson-core ( WS-2026-0003 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS runtime and toolkit are vulnerable to a Denial of Service due to jackson-core. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default:...

5.8AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 7:32 a.m.8 views

Security Bulletin:DevOps Test Embedded for Eclipse IDE is vulnerable to XXE injection & RCE due to use of JGit and EGit ( CVE-2023-4759 and CVE-2025-4949)

Summary Due to the use of JGit and EGit, DevOps Test Embedded for Eclipse contains vulnerabilities that could lead to unauthorized file access via XML External Entity XXE injection, and arbitrary file overwrites on case-insensitive filesystems that can lead to Remote Code Execution RCE. This only...

8.8CVSS7.7AI score0.01884EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 6:38 a.m.10 views

Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.2

Summary Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.2. The vulnerabilities have been addressed in 4.2.2 version. Hence, IBM strongly recommends upgrading to 4.2.2. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

9.8CVSS7AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 5:43 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS when the $data option is...

9.8CVSS7.2AI score0.02591EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 5:41 a.m.20 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...

9.8CVSS7.2AI score0.00855EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 10:20 p.m.10 views

Security Bulletin: Vulnerability in qs bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging

Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Data Cataloging include the qs library, which is vulnerable to a Denial of Service DoS due to improper input validation. The arrayLimit option in the library failed to enforce limits specifically for bracket notation a=1, allowing the creation of...

6.3CVSS6.8AI score0.0041EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 10:19 p.m.13 views

Security Bulletin: Multiple Vulnerabilities in pyOpenSSL bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Data Cataloging include the pyOpenSSL library, which is susceptible to a critical buffer overflow and a "fail-open" security bypass. A classic buffer overflow vulnerability exists when a user-provided cookie generation callback returns a value...

9.8CVSS6.5AI score0.00704EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 8:53 p.m.16 views

Security Bulletin: glibc vulnerability

Summary Prior versions of Classic Remote Capture may include this vulnerability. Vulnerability Details CVEID:CVE-2025-15281 DESCRIPTION: Calling wordexp with WRDEREUSE in conjunction with WRDEAPPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized...

7.5CVSS6.9AI score0.00286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 8:52 p.m.21 views

Security Bulletin: IBM i is Affected by Improper Handling of Special Elements and Improper Neutralization of Null Byte Vulnerabilities in OpenSSH [CVE-2025-61984, CVE-2025-61985]

Summary OpenSSH for IBM i is vulnerable to allowing control characters in usernames CVE-2025-61984 and allowing null bytes in the URI CVE-2025-61985 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control...

3.6CVSS6.8AI score0.00211EPSS
Exploits2Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 8:32 p.m.10 views

Security Bulletin: curl vulnerability

Summary Prior versions of Classic Remote Capture may include this curl vulnerability. Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but...

7.5CVSS6.8AI score0.01301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:32 p.m.13 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.6.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27024 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to ...

6.9CVSS5.8AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:25 p.m.31 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.132.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.132.Final.jar Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is...

5.3CVSS5.8AI score0.00307EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 5:24 p.m.20 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the paramiko package to provide common ssh capability. paramiko-4.0.0-py3-none-any.whl is vulnerable to CVE-2026-44405. Vulnerability Details CVEID:CVE-2026-44405 DESCRIPTION: In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1...

3.4CVSS5.8AI score0.00114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 4:50 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Agent images

Summary Multiple vulnerabilities were addressed in IBM MQ Agent images Vulnerability Details CVEID:CVE-2026-41425 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in...

6.3CVSS6.6AI score0.00679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 4:47 p.m.12 views

Security Bulletin: IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.4/Data Protect 7.4

Summary IBM Storage Defender: Data Protect critical vulnerabilities resolved in release Defender 2.1.4/Data Protect 7.4. The vulnerabilities have been addressed in Data Protect 7.4, which is included in IBM Storage Defender 2.1.4 Vulnerability Details CVEID:CVE-2021-45960 DESCRIPTION: In Expat ak...

9.8CVSS7AI score0.34174EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 4:41 p.m.13 views

Security Bulletin: Cross-site scripting, authentication bypass by spoofing, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to cross-site scripting, authentication bypass by spoofing, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...

9.8CVSS7.8AI score0.00933EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 4:26 p.m.17 views

Security Bulletin: Vulnerabilities found in Semeru Runtime affecting Business Developer

Summary There are vulnerabilities in Eclipse OMR used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to...

9.8CVSS7.6AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 3:31 p.m.15 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin CVE-2026-28780, CVE-2026-33857, CVE-2026-34032, CVE-2026-34059, CVE-2026-41080 Vulnerability Details Refer to the...

9.8CVSS5.9AI score0.01325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 3:29 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.6.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-33155 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle...

8.7CVSS5.7AI score0.00452EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 3:27 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pyasn1-0.6.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pyasn1-0.6.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by...

7.5CVSS6.7AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 1:36 p.m.21 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

6.5CVSS7.5AI score0.01663EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 11:41 a.m.15 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-handler-proxy

Summary Due to use of netty-handler-proxy, DevOps Test Performance and Rational Performance Tester contain a potential header injection vulnerability. Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Fina...

7.5CVSS5.9AI score0.00667EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 9:45 a.m.11 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2026-40175 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

9CVSS6.9AI score0.01815EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:16 a.m.11 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

7.8CVSS6.7AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:4 a.m.13 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17 and is affected by multiple vulnerabilities Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textua...

9.8CVSS7.1AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:0 a.m.19 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2025-55132 DESCRIPTION: A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even...

9.8CVSS8AI score0.47621EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 6:56 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2026-24398 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP...

8.8CVSS7.1AI score0.01535EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 6:37 a.m.13 views

Security Bulletin: Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp

Summary Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

2.3CVSS5.8AI score0.00461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 6:35 a.m.12 views

Security Bulletin: Erlang OTP inets httpd Vulnerable to HTTP Request Smuggling via Duplicate Content-Length Headers

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

9.4CVSS7.1AI score0.00528EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 5:2 a.m.12 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle April 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/17 9:24 p.m.11 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...

9.8CVSS6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/17 5:1 p.m.31 views

Security Bulletin: IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Modeler is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 3:13 p.m.13 views

Security Bulletin: Common vulnerabilities addressed in Cloudera Base on premises 7.3.2

Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Base on premises 7.3.2 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

9.6CVSS7.4AI score0.01044EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 3:9 p.m.15 views

Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1

Summary Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1 Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on...

9.8CVSS7.2AI score0.66933EPSS
Exploits18Affected Software1
Total number of security vulnerabilities35608