Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 12:2 p.m.•7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391.

Summary IBM Maximo Application Suite - Monitor Component uses qs-6.14.1.tgz which is vulnerable to CVE-2026-2391. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for...

7.5CVSS7.1AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 12:1 p.m.•6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500.

Summary IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-28500. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-28500 DESCRIPTION: Open Neural...

9.1CVSS5.7AI score0.00318EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 12:0 p.m.•7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228.

Summary IBM Maximo Application Suite - Monitor Component uses flatted-3.3.1.tgz, flatted-3.3.2.tgz, flatted-3.3.3.tgz which is vulnerable to CVE-2026-33228. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circul...

9.8CVSS6.1AI score0.00808EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:55 a.m.•14 views

Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:55 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904.

Summary IBM Maximo Application Suite - Monitor Component uses minimatch-3.1.2.tgz, minimatch-7.4.6.tgz, minimatch-9.0.5.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details...

8.7CVSS6.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:49 a.m.•4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318.

Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318. This bulletin contains information addressing the vulnerability. Vulnerability Details...

8.8CVSS6.3AI score0.01233EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:48 a.m.•8 views

Security Bulletin: IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465.

Summary IBM Edge Data Collector uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz which is vulnerable to CVE-2025-13465. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:47 a.m.•13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465.

Summary IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:45 a.m.•7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-29371...

7.5CVSS7.2AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 11:45 a.m.•5 views

Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471.

Summary Security Bulletin: IBM Edge Data Collector Component uses next-15.5.7.tgz which is vulnerable to CVE-2025-59471. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59471 DESCRIPTION: A denial of service vulnerability exists in self-hosted...

7.5CVSS5.8AI score0.00444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 7:47 a.m.•6 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to denial-of-service due to Jetty

Summary A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause remote denial-of-service DoS attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. IBM Sterling External...

6.5CVSS6.7AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 7:38 a.m.•6 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to Jetty

Summary A security vulnerability in Jetty's ThreadLimitHandler.getRemote can be exploited by unauthorized users to cause remote denial-of-service DoS attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. IBM Sterling Secure Proxy...

6.5CVSS6.7AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/05/01 5:38 a.m.•13 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...

8.6CVSS7.3AI score0.00527EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 7:52 p.m.•7 views

Security Bulletin: Vulnerability in Java SE (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary Java SE is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause...

7.5CVSS5.5AI score0.00864EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 7:51 p.m.•7 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14914) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip...

7.6CVSS5.8AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 7:49 p.m.•4 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-29371) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web...

7.5CVSS5.3AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 7:47 p.m.•6 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-29063) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototyp...

9.8CVSS5.3AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 6:39 p.m.•10 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to SQL Injection vulnerability in Dashboard UI (CVE-2025-36368)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed SQL Injection vulnerability Vulnerability Details CVEID:CVE-2025-36368 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to SQL injection. An administrative user could send special...

7.2CVSS6AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 3:31 p.m.•8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to reflected XSS vulnerability in AFT (CVE-2026-0835)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed reflected XSS vulnerability Vulnerability Details CVEID:CVE-2026-0835 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS5.6AI score0.0021EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 1:58 p.m.•4 views

Security Bulletin: Watsonx.data Input Interpretation Vulnerability Could Enable Improper External Service Access

Summary Watonx.data could allow an authenticated user to interact with external services improperly due to interpretation conflicts of user supplied input. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36141 DESCRIPTION: IBM Lakehouse could allow an authenticated user to...

5.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 12:13 p.m.•9 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses urllib3-2.3.0-py3-none-any.whl, cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl, pillow-12.1.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl, lodash-4.17.21.tgz and axios-1.12.2.tgz which are vulnerable to CVE-2025-50181, CVE-2025-50182,...

8.9CVSS7.2AI score0.02667EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 11:49 a.m.•18 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for April 2026

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.1 IF001 Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool manageme...

9.8CVSS7.9AI score0.03494EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 11:40 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645.

Summary IBM Maximo Application Suite uses fast-xml-parser-5.5.5.tgz and requests-2.32.5-py3-none-any.whl, which are vulnerable to CVE-2026-33349 and CVE-2026-25645. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25645...

5.9CVSS4.7AI score0.00449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 11:40 a.m.•5 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses qs-6.13.0.tgz, qs-6.14.0.tgz, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2025-15284, CVE-2026-2391, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information regardin...

7.5CVSS5.9AI score0.00478EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 11:38 a.m.•12 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

7.5CVSS6.8AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/30 12:10 a.m.•4 views

Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise

Summary Multiple Vulnerabilities in IBM DataStax Enterprise 6.8 and 6.9 Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CWE:CWE-400:...

7.8CVSS6.1AI score0.53861EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 7:49 p.m.•6 views

Security Bulletin: IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary IBM SPSS Analytic Server is affected by a TLS hostname verification vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9...

6.3CVSS6AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 6:54 p.m.•8 views

Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS

Summary Vulnerabilities in PostgreSQL could allow an attacker to cause a denial of service CVE-2025-4207, read sensitive data CVE-2025-8713, or inject arbitrary code CVE-2025-8714, CVE-2025-8715. PowerVM VIOS uses PostgreSQL as part of Shared Storage Pools SSP and for internal administration...

8.8CVSS7.4AI score0.00709EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 6:41 p.m.•5 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...

8.7CVSS6.3AI score0.0061EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 6:4 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.15.jar Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FFM po...

7.5CVSS6.4AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 5:55 p.m.•10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.129.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.129.Final.jar Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user...

8.7CVSS8.4AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 5:40 p.m.•3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pyjwt-2.11.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-32597 DESCRIPTION: PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC...

7.5CVSS7.2AI score0.00269EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 5:38 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in virtualenv-20.26.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-22702 DESCRIPTION: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

4.5CVSS5.3AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 5:26 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52980 DESCRIPTION: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cau...

6.5CVSS5.3AI score0.00467EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 5:13 p.m.•8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux_2_34_x86_64.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in cryptography-46.0.4-cp38-abi3-manylinux234x8664.whl Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5,...

8.2CVSS7.2AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 1:24 p.m.•14 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.13.1 Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of conten...

9.8CVSS8.7AI score0.47621EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 12:28 p.m.•24 views

Security Bulletin: Security vulnerability has been detected in IBM Security Verify Governance Identity Manager Adapters

Summary IBM Security Verify Governance Identity Manager Adapters use jackson-core-2.12.0.jar, which is affected by vulnerability WS-2026-0003 Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 11:4 a.m.•10 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-15467 DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS8.2AI score0.47621EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 9:8 a.m.•5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run...

9CVSS7.1AI score0.22709EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 9:7 a.m.•5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart

Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...

7.5CVSS6.3AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 9:3 a.m.•4 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons IO

Summary A vulnerability has been identified in Apache Commons IO, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS6.1AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/29 9:1 a.m.•6 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons FileUpload

Summary A vulnerability has been identified in Apache Commons FileUpload, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5CVSS6.7AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 10:45 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as...

6.3CVSS5.2AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 10:39 p.m.•10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.110.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.110.jar Vulnerability Details CVEID:CVE-2025-66614 DESCRIPTION: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from...

9.1CVSS7.4AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 10:37 p.m.•8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.129.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.129.Final.jar Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrect...

7.5CVSS8.2AI score0.0064EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 10:27 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.12.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.12.tgz Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, ...

7.5CVSS5.4AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 10:25 p.m.•11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz Vulnerability Details CVEID:CVE-2026-26960 DESCRIPTION: node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink insid...

7.1CVSS6.1AI score0.00288EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 9:28 p.m.•6 views

Security Bulletin: Langflow OSS affected by vulnerabilies in xmldom versions prior to 0.9.9

Summary Langflow OSS affected by vulnerabilies in xmldom versions prior to 0.9.9 Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom...

7.5CVSS5.2AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 9:25 p.m.•11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0

Summary IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0 Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS7.6AI score0.01557EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2026/04/28 9:4 p.m.•3 views

Security Bulletin: Server-Side Request Forgery (SSRF) in Langflow URL Component

Summary IBM Langflow Desktop contains a Server-Side Request Forgery SSRF vulnerability in the URL data source component where user-supplied URLs are insufficiently validated before being used in backend HTTP requests, allowing authenticated attackers to force the Langflow server to make arbitrary...

6.5CVSS5.8AI score0.00167EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598