Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:22 p.m.3 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability

Summary IBM Enterprise Build of Quarkus is affected by an authorization bypass vulnerability CVE-2026-39852 Vulnerability Details CVEID:CVE-2026-39852 DESCRIPTION: Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1,...

8.8CVSS5.9AI score0.00444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:18 p.m.8 views

Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...

8.6CVSS7.8AI score0.07022EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:53 p.m.10 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.8CVSS5.8AI score0.00743EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:5 p.m.15 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution, loss of confidentiality and denial of service

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution CVE-2026-23950, CVE-2026-31802, CVE-2026-26960, CVE-2026-24842, CVE-2026-33228, CVE-2026-29786, CVE-2026-23745, CVE-2026-40175, GHSA-v8w9-8mx6-g223, CVE-2026-34601, CVE-2026-295...

9.8CVSS6.9AI score0.00808EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:4 p.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality (CVE-2025-12183, CVE-2025-66566)

Summary Java module lz4 is used by IBM App Connect Enterprise Certified Container when connecting to Kafka servers. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use Kafka connectors are vulnerable to loss of confidentiality. This bulletin...

8.8CVSS5.9AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:3 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of integrity, arbitrary code execution, denial of service and SSRF

Summary IBM App Connect Enterprise Certified Container Designer operands that use mapping assistance and Dashboard operands that use the App Connect Enterprise Agent are vulnerable to loss of integrity CVE-2026-28684, arbitrary code execution CVE-2026-28277, denial of service CVE-2026-40347 and...

7.2CVSS6.3AI score0.05219EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 1:2 p.m.15 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality, denial of service and cross-site scripting

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, GHSA-39q2-94rc-95cp, denial of service CVE-2026-33151, CVE-2026-32288 and cross-site scripting CVE-2026-27142. This bulletin...

8.7CVSS5.8AI score0.00514EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 11:30 a.m.19 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...

9.8CVSS7AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 10:32 a.m.9 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Explorer code base. IBM Quantum Safe Explorer has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION:...

9.9CVSS7AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 10:19 a.m.11 views

Security Bulletin: Vulnerability in MCP Python SDK bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes MCP Python SDK. Following vulnerability could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. CVE-2025-66416. Vulnerability Details...

8.1CVSS7.2AI score0.00463EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 8:24 a.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM Engineering AI hub.

Summary Multiple vulnerabilities were addressed in IBM Engineering AI Hub version 1.2.0. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to...

9.4CVSS7.4AI score0.01735EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 7:45 a.m.9 views

Security Bulletin: IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718.

Summary IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 a...

9.9CVSS6.1AI score0.01186EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 7:44 a.m.7 views

Security Bulletin: IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2026-40175.

Summary IBM Edge Data Collector uses axios-1.13.6.tgz which is vulnerable to CVE-2026-40175. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 a...

9CVSS6.1AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 4:11 a.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when...

5.5CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 4:4 a.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pygments-2.19.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file...

4.8CVSS5.3AI score0.00156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:55 a.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under...

8.2CVSS6.8AI score0.00612EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:30 p.m.11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in wheel-0.45.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function...

7.1CVSS7.6AI score0.00311EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:28 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in log4j-core-2.17.1.jar Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even whe...

6.3CVSS6.7AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:58 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.3-cp311-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to versi...

6.3CVSS5.7AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:49 p.m.9 views

Security Bulletin: IBM SPSS Statistics Java SE Vulnerability Updates

Summary Denial of service, unauthorized access and buffer size vulnerabilities have been addressed. Addresses Java CVEs: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE ...

9.8CVSS7.3AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:49 p.m.11 views

Security Bulletin: IBM SPSS Statistics Java SE Vulnerability Updates

Summary Denial of service, unauthorized access and buffer size vulnerabilities have been addressed. Addresses Java CVEs: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE ...

9.8CVSS7.3AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:39 p.m.8 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF007 and 25.0.1-IF001. These vulnerabilities have been also adressed in 24.0.1-IF007 and 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...

8.8CVSS7.3AI score0.03992EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 6:22 p.m.28 views

Security Bulletin: Vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash. Vulnerabilities include an attacker, local attacker, remote attacker and authenticated attacker could exploit these vulnerabilitie...

9.8CVSS8.7AI score0.2241EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 4:50 p.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex 5.0.15.2 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP reque...

8.1CVSS6.6AI score0.01131EPSS
Exploits6Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 4:38 p.m.8 views

Security Bulletin: Vulnerability in IBM's Common Cryptographic Architecture (CCA) (CVE-2025-13375)

Summary IBM Common Cryptographic Architecture CCA is used to interface with the IBM Hardware Security Module HSM. A security vulnerability exists that has a high confidentiality, integrity and availability impact on card and consuming applications. Vulnerability Details CVEID:CVE-2025-13375...

9.8CVSS6.1AI score0.00506EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 4:22 p.m.8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin CVE-2025-36122, CVE-2025-14688, CVE-2025-67735, CVE-2025-68161, CVE-2026-1352, CVE-2025-12183, CVE-2026-1577, CVE-2026-3676...

8.8CVSS6.6AI score0.00743EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 3:14 p.m.17 views

Security Bulletin: IBM Quantum Safe Remediator is affected by multiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the libraries versions. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a...

9.8CVSS7.7AI score0.01557EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 2:43 p.m.12 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios i...

9.8CVSS7.5AI score0.01815EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:50 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033

Summary IBM Maximo Application Suite - Visual Inspection component uses jjwt-impl-0.11.5.jar which is vulnerable to CVE-2024-31033, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: JJWT aka Java JWT through...

6.8CVSS5.9AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:50 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filippo.io/edwards25519 which is vulnerable to CVE-2026-26958

Summary IBM Maximo Application Suite - Visual Inspection component uses filippo.io/edwards25519 which is vulnerable to CVE-2026-26958, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-26958 DESCRIPTION: filippo.io/edwards2551...

6.3CVSS7AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:48 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904

Summary IBM Maximo Application Suite - Visual Inspection component uses minimatch-10.1.2.tgz, minimatch-10.2.2.tgz which is vulnerable to CVE-2026-27903, CVE-2026-27904, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27903...

7.5CVSS7.1AI score0.00517EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:47 p.m.13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz, tar-7.5.9.tgz which is vulnerable to CVE-2026-29786

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz, tar-7.5.9.tgz which is vulnerable to CVE-2026-29786, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a...

8.6CVSS6.3AI score0.00408EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:46 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-15599...

6.1CVSS6.7AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:45 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427

Summary IBM Maximo Application Suite - Visual Inspection component uses github.com/jackc/pgproto3/v2-v2.3.3 which is vulnerable to CVE-2026-4427, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4427 DESCRIPTION: Rejected...

6.4AI score0.00086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:43 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge-1.3.2.tgz, node-forge-1.3.3.tgz which is vulnerable to CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896 , This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS6.6AI score0.00596EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 12:13 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web...

4.3CVSS5.7AI score0.00374EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 11:29 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.9.tgz which is vulnerable to CVE-2026-31802

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.9.tgz which is vulnerable to CVE-2026-31802, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-31802 DESCRIPTION: node-tar is a full-featured Tar...

8.2CVSS7.2AI score0.00253EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:44 a.m.9 views

Security Bulletin: IBM Maximo Application Suite uses Websphere Liberty v.25.0.0.12 which is vulnerable to CVE-2024-29371, CVE-2025-12635 and CVE-2025-14914.

Summary IBM Maximo Application Suite uses Websphere Liberty v.25.0.0.12 which is vulnerable to CVE-2024-29371, CVE-2025-12635 and CVE-2025-14914. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j befor...

7.6CVSS7.2AI score0.0039EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:43 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786

Summary IBM Maximo Application Suite - Visual Inspection component uses google.golang.org/protobuf-v1.30.0, google.golang.org/protobuf-v1.31.0 which is vulnerable to CVE-2024-24786, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

7.5CVSS6.8AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 10:14 a.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.7.0 Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI...

9.8CVSS7.3AI score0.04456EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:44 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-24842

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-24842, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js,...

8.2CVSS7.2AI score0.00541EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:44 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses Lodash which is vulnerable to CVE-2025-13465

Summary IBM Maximo Application Suite - Visual Inspection component uses Lodash which is vulnerable to CVE-2025-13465, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 a...

8.2CVSS7.1AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:43 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922

Summary IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-30922, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for...

7.5CVSS5.8AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:43 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses black-26.1.0 which is vulnerable to CVE-2026-31900

Summary IBM Maximo Application Suite - Visual Inspection component uses black-26.1.0 which is vulnerable to CVE-2026-31900, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-31900 DESCRIPTION: Black is the uncompromising Pytho...

9.8CVSS6.3AI score0.00572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:43 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom which is vulnerable to CVE-2026-34601

Summary IBM Maximo Application Suite - Visual Inspection component uses xmldom which is vulnerable to CVE-2026-34601, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C...

7.5CVSS5.7AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:42 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33809 DESCRIPTION: A maliciously craft...

5.3CVSS5.8AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:41 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225

Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core-1.5.21.jar which is vulnerable to CVE-2026-1225, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

1.8CVSS5.7AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:40 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses diff-8.0.2.tgz which is vulnerable to CVE-2026-24001

Summary IBM Maximo Application Suite - Visual Inspection component uses diff-8.0.2.tgz which is vulnerable to CVE-2026-24001, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text...

7.5CVSS7.2AI score0.00562EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:39 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718 and CVE-2026-40175

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718 and CVE-2026-40175, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a...

9.9CVSS6AI score0.01815EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:38 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz which is vulnerable to CVE-2026-26960

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.7.tgz which is vulnerable to CVE-2026-26960 This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-26960 DESCRIPTION: node-tar is a full-featured Tar f...

7.1CVSS7.3AI score0.00288EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608