Lucene search
K

35778 matches found

IBM Security Bulletins
IBM Security Bulletins
โ€ขadded last weekโ€ข3 views

Security Bulletin: Vulnerabilities in log4j, IBM WebSphere Profile and IBM Semeru Java (CVE-2026-34477, CVE-2026-34480, CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268) affect PowerVM Novalink

Summary The log4j, IBM WebSphere Liberty Profile and IBM Semeru Java are used by PowerVM Novalink. PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere...

7.5CVSS5.9AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded last weekโ€ข3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...

7.5CVSS6AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded last weekโ€ข3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix...

7.5CVSS6.4AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded last weekโ€ข5 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-681...

7.5CVSS6.3AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded last weekโ€ข3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

7.5CVSS6.3AI score0.00831EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 11:5 a.m.โ€ข7 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers. CVE-2025-27789 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

6.2CVSS6.5AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 10:47 a.m.โ€ข7 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs. CVE-2026-8723 The vulenrabilty have been addressed. Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat:...

6.3CVSS7.1AI score0.00351EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 9:46 a.m.โ€ข3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...

3.2CVSS5.9AI score0.00181EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 8:7 a.m.โ€ข5 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities

Summary The security issue described in CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed ...

8.5CVSS5.9AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 8:6 a.m.โ€ข3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server affected by a remote code execution vulnerability

Summary The security issue described in CVE-2026-11536 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 8:4 a.m.โ€ข5 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

Summary The security issue described in CVE-2026-11541 has been identified in the WebSphere Application Server and WebSphere Application Server Liberty included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins...

9.8CVSS5.9AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 8:2 a.m.โ€ข3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by HTTP request smuggling and a denial of service

Summary The security issue described in CVE-2026-9071 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS5.9AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 7:24 a.m.โ€ข3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

9.6CVSS6.8AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 7:23 a.m.โ€ข3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...

9.1CVSS6.9AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/07 6:11 a.m.โ€ข3 views

Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway

Summary Security vulnerabilities have been addressed in IBM Application Gateway Vulnerability Details CVEID:CVE-2026-40355 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism...

7.5CVSS6AI score0.00501EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 10:31 p.m.โ€ข3 views

Security Bulletin: Vulnerable Version of Software in Use

Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-31790 DESCRIPTION: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact...

7.5CVSS7.4AI score0.00981EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 10:29 p.m.โ€ข5 views

Security Bulletin: Vulnerable Version of Software in Use

Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-28390 DESCRIPTION: Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that...

7.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:38 p.m.โ€ข3 views

Security Bulletin: Multiple Vulnerabilities in pyasn1 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include pyasn1 . It is susceptible to DoS, vulnerability CVE-2026-23490, CVE-2026-30922 Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior ...

7.5CVSS6.6AI score0.00679EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:37 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by multiple vulnerabilities (CVE-2026-8646, CVE-2026-9320, CVE-2026-9071)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling and a denial of service. This affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1,...

9.1CVSS5.9AI score0.00338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:35 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:35 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:34 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:31 p.m.โ€ข5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS6.6AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:30 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS6.6AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:30 p.m.โ€ข3 views

Security Bulletin: Multiple Vulnerabilities in urllib3 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include urllib3. It is susceptible to SSRF, high CPU usage and massive memory allocation vulnerabilities CVE-2025-50181, CVE-2025-66418, CVE-2025-66471,CVE-2026-21441 Vulnerability Details...

8.9CVSS6.8AI score0.02667EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:30 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS6.6AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:27 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a an arbitrary file read vulnerability (CVE-2026-11806)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

7.5CVSS6AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 9:25 p.m.โ€ข3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an arbitrary file read vulnerability (CVE-2026-11806)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 8:52 p.m.โ€ข3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by server-side request forgery

Summary The security issue described in CVE-2026-9006 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9.1CVSS5.9AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 8:51 p.m.โ€ข4 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by a an authentication bypass when a JAX-WS application is deployed

Summary The security issue described in CVE-2026-10845 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affect...

7.3CVSS5.9AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 8:50 p.m.โ€ข3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by HTTP request smuggling and a denial of service.

Summary The security issue described in CVE-2026-9320 and CVE-2026-8646 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fix...

9.1CVSS5.9AI score0.00338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 8:41 p.m.โ€ข3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty which are affected by remote code execution and a denial of service

Summary The security issue described in CVE-2026-10852, CVE-2026-8858 and CVE-2026-9072 has been identified in WebSphere Application Server and WebSphere Application Server Liberty included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refe...

9.8CVSS5.9AI score0.00409EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 8:7 p.m.โ€ข5 views

Security Bulletin: Path traversal allows arbitrary file read in IBM Terraform Self Managed container

Summary IBM Terraform Self Managed contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content...

7.7CVSS5.9AI score0.00295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 5:10 p.m.โ€ข4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in React Router

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in React Router. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using...

8.7CVSS6.6AI score0.00416EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 4:43 p.m.โ€ข3 views

Security Bulletin: Vulnerability in golang.org/x/net package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage include the golang.org/x/net package. It cause a running server to panic. CVE-2026-27141 Vulnerability Details CVEID:CVE-2026-27141 DESCRIPTION: Due to missing nil check, sending 0x0a-0x0f HTTP/2...

7.5CVSS5.9AI score0.00501EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 4:16 p.m.โ€ข42 views

Security Bulletin: IBMยฎ Db2ยฎ is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBMยฎ Db2ยฎ is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...

9.8CVSS6.6AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 3:29 p.m.โ€ข4 views

Security Bulletin: Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities

Summary Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445,...

9.1CVSS6.9AI score0.02719EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 2:58 p.m.โ€ข3 views

Security Bulletin: IBMยฎ Db2ยฎ could disclose sensitive information to an authenticated user from the monitoring and event tables (CVE-2025-36372)

Summary IBMยฎ Db2ยฎ could disclose sensitive information such as access keys to an authenticated user from the monitoring and event tables. CVE-2025-36372 Vulnerability Details CVEID:CVE-2025-36372 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows...

6.5CVSS5.8AI score0.00303EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 2:55 p.m.โ€ข4 views

Security Bulletin: Vulnerability in Pillow package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage include Pillow library, which is susceptible to out-of-bound write, DoS vulnerabilities CVE-2026-25990, CVE-2026-40192. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python...

8.7CVSS5.9AI score0.00671EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 2:3 p.m.โ€ข3 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command...

9.1CVSS7.3AI score0.01713EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 1:49 p.m.โ€ข6 views

Security Bulletin: IBM WinCollect Agent is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in this release of IBM WinCollect Agent Vulnerability Details CVEID:CVE-2026-5545 DESCRIPTION: libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a...

9.8CVSS6.4AI score0.01735EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 1:46 p.m.โ€ข4 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding :...

9.1CVSS6.9AI score0.18891EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 1:46 p.m.โ€ข5 views

Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities

Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS โ‰ฅ 9.0,including Tomcat CLIENTCERT Improper Authentication CVE-2026-29145,...

9.8CVSS7.3AI score0.66537EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 1:23 p.m.โ€ข9 views

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 2.0 Vulnerability Details CVEID:CVE-2026-41676 DESCRIPTION: rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it...

9.8CVSS7.8AI score0.00412EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 1:20 p.m.โ€ข3 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS6.7AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 12:46 p.m.โ€ข3 views

Security Bulletin: Eclipse IDE versions 2023-09 (4.29) is vulnerable to external attack

Summary A vulnerability in Eclipse IDE version 2023-09 4.29 was found. The IBM Enterprise Records configuration manager tool was using Eclipse IDE to help present the user interface for customers to configure their software. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...

5CVSS5.9AI score0.00386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 10:21 a.m.โ€ข3 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when...

9.8CVSS8.1AI score0.03256EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 10:9 a.m.โ€ข16 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client...

7.5CVSS6.3AI score0.00808EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 10:1 a.m.โ€ข3 views

Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilites

Summary The vulnerabilities were found in dependent open source libraries used within IBM Quantum Safe Explorer code base. These issues have been addressed by updating the versions of affected libraries. Vulnerability Details CVEID:CVE-2026-9595 DESCRIPTION: Impact: When a user-configured proxy o...

7.5CVSS5.7AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
โ€ขadded 2026/07/06 6:44 a.m.โ€ข3 views

Security Bulletin: IBM Quantum Safe Remediator is affected by mutiple vulnerabilities

Summary The vulnerabilities are found in the dependent open source libraries used in IBM Quantum Safe Remediator code base. IBM Quantum Safe Remediator has addressed these vulnerabilities by updating the versions of the affected libraries. Vulnerability Details CVEID:CVE-2026-39824 DESCRIPTION:...

9.3CVSS6.4AI score0.00492EPSS
Exploits2Affected Software1
Total number of security vulnerabilities35778