Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:46 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 12.1.3 and earlier affect IBM® Db2® Big SQL on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remot...

8.4CVSS7AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:43 p.m.10 views

Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS6.6AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:40 p.m.11 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 a...

7.5CVSS7AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:25 p.m.10 views

Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and ealier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:21 p.m.9 views

Security Bulletin: A vulnerability in the qs package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the qs package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled,...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:15 p.m.19 views

Security Bulletin: Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and ealier. Vulnerability Details CVEID:CVE-2025-36247 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is...

8.2CVSS5.8AI score0.00296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:10 p.m.11 views

Security Bulletin: A vulnerability in package Lodash affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in OpenSSL affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacke...

8.2CVSS6.6AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 1:21 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-29111 DESCRIPTION: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spuriou...

9.9CVSS7.9AI score0.02591EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 9:44 a.m.17 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cau...

7.5CVSS7.7AI score0.00864EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 11:59 p.m.13 views

Security Bulletin: IBM Cognos Analytics is affected by multiple security vulnerabilities

Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Cognos Analytics. Please review the below vulnerabilities and take necessary remediation actions. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos...

8.8CVSS7.4AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 5:22 p.m.11 views

Security Bulletin: IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability (CVE-2026-1002)

Summary IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability CVE-2026-1002. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated t...

6.9CVSS6.4AI score0.00343EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 4:56 p.m.11 views

Security Bulletin: This Power System update is being released to address CVE-2026-7254

Summary The BMC's HTTPS interface is vulnerable to denial of service attacks by unauthenticated network users. Vulnerability Details CVEID:CVE-2026-7254 DESCRIPTION: OpenBMC HTTPS service is vulnerable to attacks by unauthenticated network users which can result in denial of service. CWE:CWE-1284...

5.3CVSS5.8AI score0.00238EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 4:40 p.m.12 views

Security Bulletin: This Power System update is being released to address CVE-2026-22796

Summary This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...

5.3CVSS7.2AI score0.00502EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 4:40 p.m.12 views

Security Bulletin: This Power System update is being released to address CVE-2026-22796

Summary This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...

5.3CVSS7.2AI score0.00502EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 3:57 p.m.17 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to axios

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to multiple vulnerabilities due to axios. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior...

7.5CVSS5.9AI score0.00838EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 3:43 p.m.13 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2 Vulnerability Details CVEID:CVE-2026-33168 DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...

8.7CVSS6.2AI score0.0061EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:59 p.m.10 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of thin-vec (CVE-2026-6654)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses the thin-vec-0.2.14 crate, which is vulnerable to a double free error. Vulnerability Details CVEID:CVE-2026-6654 DESCRIPTION: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear...

7.3CVSS5.8AI score0.00168EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:58 p.m.10 views

Security Bulletin: IBM Cloud Kubernetes is affected by a Linux kernel security vulnerability (CVE-2026-31431)

Summary IBM Cloud Kubernetes Service is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...

7.8CVSS6.6AI score0.96267EPSS
Exploits228Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:58 p.m.8 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Linux kernel security vulnerability (CVE-2026-31431)

Summary Red Hat OpenShift on IBM Cloud is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...

7.8CVSS6.6AI score0.96267EPSS
Exploits228Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:9 p.m.13 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension...

9.1CVSS6AI score0.03494EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:1 p.m.10 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:0 p.m.13 views

Security Bulletin: Security vulnerability in Golang affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Golang affects IBM Robotic Process Automation. Golang is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION:...

5.9CVSS5.8AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:59 p.m.10 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

7.5CVSS7AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:58 p.m.12 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

6.3CVSS5.8AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:58 p.m.9 views

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

8.2CVSS6.6AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:55 p.m.11 views

Security Bulletin: Security vulnerability in Java affects IBM Robotic Process Automation

Summary A security vulnerability in Java affects IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

9.8CVSS7AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:54 p.m.9 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

8.9CVSS6.8AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:53 p.m.9 views

Security Bulletin: Security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. IBM WebSphere Application Server Liberty is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak...

7.6CVSS7.4AI score0.0039EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:52 p.m.12 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:49 p.m.11 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

8.5CVSS7.1AI score0.00163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:48 p.m.14 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

7.8CVSS7.6AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:46 p.m.10 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

5.3CVSS5.8AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 11:11 a.m.25 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

8.6CVSS7AI score0.01945EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 10:0 a.m.16 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

9.1CVSS5.9AI score0.00542EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 9:59 a.m.9 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)

Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...

9.1CVSS5.9AI score0.00542EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 9:58 a.m.22 views

Security Bulletin: IBM Event Streams is vulnerable to denial of service (DoS) due to a vulnerability in Bouncy Castle Java libraries (CVE-2025-8916)

Summary IBM Event Streams is vulnerable to an allocation of resources without limits or throttling vulnerability in the Bouncy Castle Java libraries bcprov, bcpkix, and bcpkix-fips used for TLS and certificate validation. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...

6.3CVSS6.8AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 6:23 a.m.12 views

Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

9.4CVSS7.1AI score0.00528EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 5:14 a.m.10 views

Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)

Summary Three cross-site scripting XSS vulnerabilities CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240 were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...

6.9CVSS5.8AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:21 a.m.14 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (May 2026)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data...

9.8CVSS7.5AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 11:7 p.m.8 views

Security Bulletin: IBM i is Affected By A Cross-Site Scripting Vulnerability in Navigator for i [CVE-2026-0540]

Summary Navigator for IBM i uses the Monaco editor to edit config files. The Monaco editor uses DOMPurify to sanitize the HyperText Markup Language HTML in the editor. DOMPurify is vulnerable to improper neutralization of input by using rawtext elements missing from the SAFEFORXML regex...

6.1CVSS5.8AI score0.0034EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 10:51 p.m.7 views

Security Bulletin: IBM i is Affected by a Denial of Service Vulnerability [CVE-2026-6936]

Summary IBM i is vulnerable to denial of service due to uncontrolled recurision in the Integrated Language Environment ILE compiler as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-6936 DESCRIPTION: IBM i is vulnerable to a denial-of-service attack due to...

6.5CVSS5.9AI score0.0024EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 8:14 p.m.10 views

Security Bulletin: Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

Summary An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any...

8.1CVSS5.7AI score0.00376EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 8:12 p.m.16 views

Security Bulletin: Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Summary Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterpris...

8.6CVSS5.7AI score0.00332EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 6:27 p.m.13 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...

8.8CVSS6.8AI score0.05966EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 5:54 p.m.14 views

Security Bulletin: Multiple Vulnerabilities in watsonx.data

Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 2 version, which was present in different version from watson.data 2.2.2 to watsonx.dat 2.3.1 Patch 2 Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic...

9.9CVSS7.3AI score0.01186EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 5:42 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

5.8AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 4:46 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitra...

7.2CVSS5.9AI score0.0081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 4:45 p.m.18 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This...

9.1CVSS5.8AI score0.00715EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 1:52 p.m.13 views

Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of Eclipse Jetty

Summary Due to use of Eclipse Jetty, DevOps Test Performance and Rational Performance Tester contain potential input validation, information exposure, integer overflow, memory allocation, HTTP parsing, and URI authority validation vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047...

7.5CVSS6.9AI score0.03754EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 10:58 a.m.10 views

Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...

5.1CVSS5.7AI score0.00388EPSS
Exploits2Affected Software2
Total number of security vulnerabilities35608