Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 9:3 p.m.5 views

Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

Summary A stored cross-site scripting XSS vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...

6.4CVSS5.5AI score0.00157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 9:2 p.m.5 views

Security Bulletin: Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

Summary IBM Langflow Desktop contains a vulnerability in its API v2 file upload functionality where the POST /api/v2/files endpoint fails to validate and sanitize user-supplied filenames before passing them to the LocalStorageService, resulting in a path traversal condition that allows...

6.5CVSS6.8AI score0.00374EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 8:56 p.m.5 views

Security Bulletin: Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

Summary IBM Langflow Desktop contains a vulnerability in its code validation functionality where the /api/v1/validate/code endpoint uses Python's exec to process user-supplied input and fails to account for decorator execution during function definition parsing, allowing authenticated attackers t...

8.8CVSS6.3AI score0.0047EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 8:7 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regul...

8.7CVSS7.2AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 8:3 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution...

8.2CVSS6.6AI score0.00541EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 7:28 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...

8.7CVSS5.3AI score0.00713EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 7:25 p.m.3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. T...

4.8CVSS5.1AI score0.00112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 7:21 p.m.3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28351 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.2AI score0.00423EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 7:11 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar Vulnerability Details CVEID:CVE-2026-24281 DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or...

7.5CVSS7.2AI score0.01177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 6:50 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of DOMPurify

Summary Due to use of DOMPurify, DevOps Test Performance and Rational Performance Tester contain a potential Cros-Site Scripting XSS vulnerability. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions...

6.9CVSS5AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 2:50 p.m.5 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-1346...

9.9CVSS6.6AI score0.01815EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 2:14 p.m.5 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jetty-http (CVE-2025-11143)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-11143 reported for jetty-http-12.0.25.jar. Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differentia...

6.5CVSS7.7AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 1:50 p.m.6 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in minimatch. CVE-2026-26996 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting gl...

8.7CVSS7.3AI score0.00519EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 1:6 p.m.12 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-33151 DESCRIPTION: Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prio...

9.8CVSS7.4AI score0.00978EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 1:3 p.m.4 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-33671 DESCRIPTION: Picomatch is a glob matcher written JavaScript. Versions prior to 4.0.4, 3.0.2, an...

9.8CVSS8.9AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 10:42 a.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925))

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

7.5CVSS5.9AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 7:11 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx_11_0_arm64.whl which is vulnerable to CVE-2026-24747

Summary IBM Maximo Application Suite - Visual Inspection component uses torch-2.8.0-cp310-none-macosx110arm64.whl which is vulnerable to CVE-2026-24747, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24747 DESCRIPTION:...

8.8CVSS5.8AI score0.00695EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 10:22 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is fals...

8.2CVSS5.9AI score0.00334EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 9:19 p.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime and IBM SDK, Java™ Technology Edition affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to Denial of Service CVE-2026-21945, Tampering CVE-2026-21932, Information Disclosure CVE-2026-21933, CVE-2026-21925 and Elevation of Privilege CVE-2026-1188 threats due to the use of IBM Semeru Runtime and IBM SDK, Java Technology Edition...

9.8CVSS6.8AI score0.00864EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:56 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)

Summary The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version...

7.5CVSS5.5AI score0.00507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:48 p.m.61 views

Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527

Summary IBM customers who use the IBM 4769 Developer's Toolkit to create custom firmware images may be affected by one or more vulnerabilities that were announced against the Linux kernel. Vulnerability Details CVEID:CVE-2019-20811 DESCRIPTION: Linux Kernel could provide weaker than expected...

7.8CVSS6.8AI score0.03784EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 5:55 p.m.12 views

Security Bulletin: Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

Summary Langflow OSS is affected by an insecure direct object reference vulnerability in its Monitor API due to missing authorization checks. Although these endpoints require authentication, they fail to verify ownership of the provided flowid, allowing any authenticated user to access or...

8.1CVSS5.7AI score0.00201EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 5:44 p.m.8 views

Security Bulletin: Langflow OSS Authenticated Remote Code Execution (RCE) vulnerability exists in the validate_code function

Summary Langflow OSS contains a critical vulnerability in code validate endpoint due to unsafe use of Python's exec function within the validatecode routine. While the feature is intended to validate user-supplied function definitions, it fails to account for Python decorators, which are executed...

8.8CVSS7AI score0.0047EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 4:52 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the April 2026 Java CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.5CVSS5.5AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 4:13 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.3 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific...

9CVSS7.4AI score0.01815EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:12 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the serve...

7.5CVSS5.2AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:11 p.m.16 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the...

7.5CVSS5.2AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:9 p.m.5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server...

7.5CVSS5.2AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:7 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i ( CVE-2026-25639, CVE-2025-13465, CVE-2025-68470, CVE-2026-22029)

Summary IBM Rational Developer for i is affected by a denial of service vulnerability in axios CVE-2026-25639, a deletion of properties vulnerability in Lodash CVE-2025-13465, a navigation/redirect vulnerability in React Router CVE-2025-68470, and an unintended javascript execution vulnerability ...

8.2CVSS6.1AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 3:6 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2026-1605, CVE-2026-29063, CVE-2025-11143, CVE-2026-2332, CVE-2025-15599, CVE-2026-0540)

Summary IBM Rational Developer for i is affected by a resource consumption vulnerability in Eclipse Jetty Server CVE-2026-1605, a prototype pollution vulnerability in Immutable CVE-2026-29063, an improper input validation vulnerability in Jetty HTTP URI CVE-2025-11143, a request smuggling...

9.8CVSS5.2AI score0.01127EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:26 p.m.4 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-39761, CVE-2025-38351, CVE-2024-50301 Vulnerability Details CVEID:CVE-2025-39761 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: wifi:...

7.1CVSS5.5AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:23 p.m.4 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-58005, CVE-2025-21993, CVE-2025-21927, CVE-2024-58069, CVE-2024-58007 Vulnerability Details CVEID:CVE-2024-58005 DESCRIPTION: In the Linux kernel, the following...

7.8CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:20 p.m.8 views

Security Bulletin: Vulnerabilities in httpd affects IBM Netezza Appliance

Summary The httpd package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-39806, CVE-2025-39840, CVE-2025-39883, CVE-2025-40240 Vulnerability Details CVEID:CVE-2025-39806 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

7.1CVSS5.5AI score0.00184EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:16 p.m.5 views

Security Bulletin: Vulnerabilities in podman affects IBM Netezza Appliance

Summary The podman package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-9566, CVE-2025-47907 Vulnerability Details CVEID:CVE-2025-9566 DESCRIPTION: There's a vulnerability in podman where an attacker may use the kube play command to overwrite...

8.1CVSS5.4AI score0.01008EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:10 p.m.7 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-40318, CVE-2025-40271, CVE-2025-40269, CVE-2025-40170, CVE-2025-40158, CVE-2025-40141, CVE-2025-40135, CVE-2025-39760, CVE-2025-38730, CVE-2025-38459, CVE-2025-38415,...

7.8CVSS5.9AI score0.00517EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:6 p.m.15 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION:...

9.8CVSS7AI score0.01735EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 1:5 p.m.3 views

Security Bulletin: Vulnerability in brotli affects IBM Netezza Appliance

Summary The brotli package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-6176 Vulnerability Details CVEID:CVE-2025-6176 DESCRIPTION: Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli...

7.5CVSS5.3AI score0.00509EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 12:24 p.m.11 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Eclipse Jersey Race Condition (CVE-2025-68161)

Summary The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perfor...

6.3CVSS5.4AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 10:31 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...

8.7CVSS7.1AI score0.00681EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 9:35 a.m.6 views

Security Bulletin: IBM watsonx.data integration (Data Observability) is vulnerable to node-forge-1.3.1.tgz due to CVE-2025-12816 ( CVE number(s) )

Summary An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security...

8.6CVSS6.5AI score0.00689EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 9:3 a.m.11 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

9.1CVSS6AI score0.0048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 8:16 a.m.6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr

Summary Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details CVEID:CVE-2015-8797 DESCRIPTION: Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...

6.1CVSS6.2AI score0.03313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:59 a.m.4 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and weaker than expected security vulnerabilities in WebSphere Application Server Liberty

Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the application security stack and security utility. CVE-2025-14923 and CVE-2024-29371. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty...

9.8CVSS5.3AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:44 a.m.9 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux228x8664.whl, and FlaskHTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...

9.1CVSS7AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:44 a.m.8 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses logback-core-1.5.21.jar, spring-web-6.2.14.jar, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, which are vulnerable to CVE-2026-1225, CVE-2026-22735, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information...

6.3CVSS4.6AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.11 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14923, CVE-2025-14915, CVE-2024-29371, CVE-2026-1561, CVE-2026-29063, CVE-2025-14917. This has been addressed in the remediation section. Vulnerability...

9.8CVSS7.9AI score0.00978EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.10 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

8.8CVSS7.8AI score0.01682EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.15 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...

10CVSS9.8AI score0.00968EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:14 a.m.8 views

Security Bulletin: Carbon Charts React Router Security Vulnerabilities

Summary Carbon Charts versions prior to v1.27.8 include a vulnerable version of React Router that is susceptible to five security vulnerabilities CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030 with severity ranging from Medium to High CVSS 6.1 to 8.2. These...

8.2CVSS5.9AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:10 a.m.8 views

Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities

Summary Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability CVE-2026-2950, CVSS 5.3 in the .unset and .omit functions that allows deletion of properties from built-in prototypes, and a critical...

9.8CVSS6.6AI score0.01735EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598