34926 matches found

IBM Security Bulletins
added 2026/03/17 11:17 a.m. (9 views)

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...

CVSS 8.2 | AI score 6.8 | EPSS 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 10:35 a.m. (6 views)

Security Bulletin: IBM Informix 12.10.xC16W6 updated to use the latest version of Java to address the Java vulnerabilities.

Summary IBM's Java version has been updated to 8.0.8.60 with Informix 12.10.xC16W6 to address multiple IBM Java vulnerabilities Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...

CVSS 9.8 | AI score 6.3 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 7:49 a.m. (5 views)

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...

CVSS 8.7 | AI score 6 | EPSS 0.00048
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 6:50 a.m. (4 views)

Security Bulletin: IBM Transformation Extender Advanced is affected by an IBM WebSphere Application Server Liberty vulnerability

Summary IBM WebSphere Application Server Liberty is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine. Liberty has been updated to address CVE-2025-14923 which causes a weaker than expected security posture when using the Security Utility contained in...

CVSS 9.8 | AI score 5.7 | EPSS 0.00035
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 6:44 a.m. (6 views)

Security Bulletin: IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250.

Summary IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-59250 DESCRIPTION: Improper input...

CVSS 8.1 | AI score 5.9 | EPSS 0.00086
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 6:42 a.m. (3 views)

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727.

Summary IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweigh...

CVSS 7.5 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 3:50 a.m. (5 views)

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2026 - Includes OpenJDK January 2026 CPU plus one CVE

Summary IBM Semeru Runtime Quarterly CPU - Jan 2026 - Includes OpenJDK January 2026 CPU plus one CVE. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/17 3:46 a.m. (7 views)

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.2 Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolutio...

CVSS 8.2 | AI score 6.8 | EPSS 0.0005
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:53 p.m. (8 views)

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...

CVSS 7.5 | AI score 6.6 | EPSS 0.0004
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:44 p.m. (6 views)

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:43 p.m. (6 views)

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:41 p.m. (7 views)

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:38 p.m. (7 views)

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:36 p.m. (4 views)

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:34 p.m. (5 views)

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 6:20 p.m. (7 views)

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-57753 DESCRIPTION: vite-plugin-static-cop...

CVSS 6.9 | AI score 6.4 | EPSS 0.00191
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 6:8 p.m. (5 views)

Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)

Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...

CVSS 9.8 | AI score 7.1 | EPSS 0.84819
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 5:42 p.m. (3 views)

Security Bulletin: Optional Mongo DB images in IBM Automation Decision Services 24.0.x are affected by CVE-2025-14847

Summary CVE-2025-14847 has been reported for the Mongo DB images shipped with IBM Automation Decision Services 24.0.0 and 24.0.1. An updated version of the image is available. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may...

CVSS 8.7 | AI score 7.2 | EPSS 0.56927
Exploits: 38 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 3:51 p.m. (8 views)

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - January 2026 CPU affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - January 2026 has been published in multiple security bulletins. These products have addressed the...

AI score 5.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 3:41 p.m. (7 views)

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - October 2025 affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 has been published in multiple security bulletins. These products have addressed the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 3:40 p.m. (5 views)

Security Bulletin: Due to the use of Python setuptools IBM Foundationdb Operator is vulnerable to a denial of service attack

Summary IBM Database Operator for FoundationDB contains Python setuptools internally CVE-2022-40897 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...

CVSS 5.9 | AI score 6.9 | EPSS 0.00513
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 3:5 p.m. (1 view)

Security Bulletin: Due to use of golang.org/x/text, IBM Database Operator for Foundationdb is vulnerable to denial of service attack.

Summary IBM Database Operator for FoundationDB contains golang.org/x/text internally CVE-2021-38561 Vulnerability Details CVEID:CVE-2021-38561 DESCRIPTION: golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index...

CVSS 7.5 | AI score 7.1 | EPSS 0.00053
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 1:27 p.m. (5 views)

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image...

CVSS 8.6 | AI score 5.9 | EPSS 0.00385
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 11:31 a.m. (3 views)

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-362...

CVSS 8.2 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 11:4 a.m. (3 views)

Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284

Summary A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper...

CVSS 6.3 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 11:3 a.m. (2 views)

Security Bulletin: IBM Rhapsody Systems Engineering is using @modelcontextprotocol/sdk-1.15.0 which is vulnerable to CVE-2026-0621

Summary A security vulnerability was identified in the @modelcontextprotocol/sdk package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2026-0621...

CVSS 8.7 | AI score 5.8 | EPSS 0.00037
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 10:58 a.m. (2 views)

Security Bulletin: IBM Rhapsody Systems Engineering is using langchain-0.3.30 which is vulnerable to CVE-2025-68665

Summary A security vulnerability was identified in the Langchain OSS package used in our product. The issue has been resolved by removing the vulnerable package and all LangChain-related dependencies from the codebase. Vulnerability Details CVEID:CVE-2025-68665 DESCRIPTION: LangChain is a framewo...

CVSS 9.1 | AI score 5.7 | EPSS 0.00072
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 10:33 a.m. (3 views)

Security Bulletin: Optional Mongo DB images in IBM Cloud Pak for Business Automation 24.0.x are affected by CVE-2025-14847

Summary CVE-2025-14847 has been reported for the Mongo DB images shipped with IBM Cloud Pak for Business Automation 24.0.x. An updated version of the image is available. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow ...

CVSS 8.7 | AI score 5.7 | EPSS 0.56927
Exploits: 38 | Affected Software: 2

IBM Security Bulletins
added 2026/03/16 8:36 a.m. (3 views)

Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)

Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specif...

CVSS 8.2 | AI score 5.8 | EPSS 0.00022
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 4:30 a.m. (4 views)

Security Bulletin: Unexpected SSH_AGENT_SUCCESS Response Causes Client Panic and Premature Termination in SSH Client, affects watsonx.data

Summary SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response wi...

CVSS 7.5 | AI score 5.7 | EPSS 0.00018
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/16 4:29 a.m. (4 views)

Security Bulletin: Inefficient Regular Expression Complexity (ReDoS) Vulnerability in nth-check affects IBM watsonx.data

Summary nth-check is vulnerable to Inefficient Regular Expression Complexity. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS...

CVSS 7.5 | AI score 5.7 | EPSS 0.00166
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/14 9:13 a.m. (6 views)

Security Bulletin: IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248.

Summary IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2021-41248 DESCRIPTION: GraphiQL is the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00398
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/14 6:37 a.m. (2 views)

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-55754 DESCRIPTION:...

CVSS 9.6 | AI score 5.6 | EPSS 0.00135
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 8:6 p.m. (7 views)

Security Bulletin: Vulnerability in libxml2 (CVE-2025-8732) affects AIX/VIOS

Summary Updated Mar 13 2026: Added iFix information for VIOS 3.1. Vulnerability in libxml2 could cause an uncontrolled recursion CVE-2025-8732. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2025-8732 DESCRIPTION: A vulnerability was found in libxml2 up to...

CVSS 4.8 | AI score 4.7 | EPSS 0.00066
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/03/13 7:11 p.m. (6 views)

Security Bulletin: Multiple vulnerabilities in QRadar Suite Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar Suite Software version 1.11.9.0 Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose...

CVSS 9.1 | AI score 7.6 | EPSS 0.01306
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 5:6 p.m. (6 views)

Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts

Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2008-2025 DESCRIPTION: Cross-site scripting XSS vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise SLE 11, before 1.2.9-108.2 on SUSE...

CVSS 10 | AI score 7.7 | EPSS 0.92332
Exploits: 13 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 4:57 p.m. (4 views)

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to runc CVE-2025-52881

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to runc CVE-2025-52881. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-52881 DESCRIPTION: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions...

CVSS 7.5 | AI score 7.4 | EPSS 0.00016
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 4:55 p.m. (7 views)

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...

CVSS 9.4 | AI score 7.7 | EPSS 0.01189
Exploits: 2 | Affected Software: 2

IBM Security Bulletins
added 2026/03/13 4:45 p.m. (2 views)

Security Bulletin: Security vulnerabilities have been found in IBM Verify Directory (Container)

Summary Security vulnerabilities have been addressed in IBM Verify Directory Container Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A...

CVSS 8.8 | AI score 6.8 | EPSS 0.02889
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 3:47 p.m. (2 views)

Security Bulletin: Multiple Vulnerabilities in IBM Sterling Configure, Price, Quote (on-prem).

Summary Multiple vulnerabilities were addressed in IBM Sterling Configure, Price, Quote on-prem version 10.0.0.0-Sterling-VM-All-fp00027 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support...

CVSS 7.5 | AI score 7.2 | EPSS 0.00803
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 3:46 p.m. (3 views)

Security Bulletin: IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module axios (CVE-2026-25639)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to denial of service due to Node.js module axios. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

CVSS 7.5 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 3:24 p.m. (2 views)

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') due to Lodash (CVE-2025-13465)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' due to Lodash. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...

CVSS 7.9 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 2:35 p.m. (7 views)

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547.

Summary IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION:...

CVSS 9.2 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 11:20 a.m. (3 views)

Security Bulletin: Unrestricted Internet Access/Outbound Connections vulnerability found in CICS Transaction Gateway for Multiplatforms container (CVE-2026-0977)

Summary An Unrestricted Internet Access/Outbound Connections vulnerability affects the CICS Transaction Gateway for Multiplatforms container. CICS Transaction Gateway for Multiplatforms container has documented how to address the applicable vulnerability. Vulnerability Details CVEID:CVE-2026-0977...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 9:35 a.m. (7 views)

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493.

Summary IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been...

CVSS 6.9 | AI score 5.5 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/13 7:18 a.m. (4 views)

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Ja...

CVSS 4.9 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/12 8:43 p.m. (4 views)

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.9 Vulnerability Details CVEID:CVE-2025-13459 DESCRIPTION: IBM Aspera Console could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. CWE:CWE-841: Improper...

CVSS 7.5 | AI score 5.9 | EPSS 0.00123
Exploits: 2 | Affected Software: 5

IBM Security Bulletins
added 2026/03/12 5:47 p.m. (4 views)

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...

CVSS 6.1 | AI score 6.2 | EPSS 0.00056
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/12 3:42 p.m. (2 views)

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to XSS security vulnerability in the dashboard UI (CVE-2023-40693)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the XSS security vulnerability Vulnerability Details CVEID:CVE-2023-40693 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed...

CVSS 5.4 | AI score 5.5 | EPSS 0.00012
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/03/12 3:35 p.m. (5 views)

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Input Validation due to node module qs (CVE-2025-15284)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improper Input Validation due to node module qs. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...

CVSS 6.3 | AI score 6.3 | EPSS 0.0004
Exploits: 1 | Affected Software: 1

Total number of security vulnerabilities: 34926