
34926 matches found

IBM Security Bulletins
added 2026/02/10 2:45 p.m. | 6 views

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to Solr Core

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-45217...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.9408
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 12:23 p.m. | 7 views

Security Bulletin: Vulnerability in sssd library (CVE-2025-11561) affects Power HMC.

Summary The sssd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-11561 DESCRIPTION: A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In defaul...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 12:22 p.m. | 9 views

Security Bulletin: Vulnerabilities in libsoup library (CVE-2025-4945, CVE-2025-11021) affect Power HMC.

Summary The libsoup library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-4945 DESCRIPTION: A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.00296
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 10:54 a.m. | 17 views

Security Bulletin: Due to the use of Apache Tika, IBM webMethods Integration Server is vulnerable to XML External Entity injection (CVE-2025-66516)

Summary IBM webMethods Integration Server uses Apache Tika for Reference Data functionality and vulnerability reported in Apache Tika is addressed. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parser...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.01579
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 10:13 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226

Summary IBM Maximo Application Suite - Visual Inspection component uses logback-core which is vulnerable to CVE-2025-11226. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 9:15 a.m. | 14 views

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server and WebSphere Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server and WebSphere Liberty has been published in a security bulletin. Vulnerability...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00025
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 8:17 a.m. | 8 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service (CVE-2025-2240)

Summary IBM Event Streams is vulnerable to a denial of service due to an out‑of‑memory condition in smallrye-fault-tolerance. Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00344
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 8:16 a.m. | 8 views

Security Bulletin: IBM Event Streams is vulnerable to information disclosure (CVE-2025-49574)

Summary IBM Event Streams is vulnerable to information disclosure due to improper handling of Vert.x duplicated contexts in Quarkus. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior ...

CVSS: 6.4 | AI score: 5.4 | EPSS: 0.00126
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 7:18 a.m. | 9 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to improper input validation (CVE-2025-12758)

Summary IBM Event Endpoint Management is vulnerable to improper input validation due to incorrect Unicode string length calculation. Vulnerability Details CVEID:CVE-2025-12758 DESCRIPTION: Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00112
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 6:50 a.m. | 9 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to command injection vulnerability (CVE-2025-64756)

Summary IBM Event Endpoint Management is vulnerable to command injection vulnerability due to Glob matches files. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00025
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 5:37 a.m. | 5 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (January 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

AI score: 5.4
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 4:58 a.m. | 8 views

Security Bulletin: Improper Permission Check in Apache ZooKeeper AdminServer Allows Unauthorized Snapshot and Restore Operations, affects watsonx.data

Summary Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue c...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00112
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 4:45 a.m. | 11 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, an...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.00099
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 4:44 a.m. | 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-33088 DESCRIPTION: IBM Concert Software could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.02141
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/02/10 3:19 a.m. | 8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletins Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVSS: 8.4 | AI score: 5.9 | EPSS: 0.00261
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 5:2 p.m. | 6 views

Security Bulletin: Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.data

Summary Malicious File Upload by Privileged Users in IBM Lakehouse May Allow Limited File or Data Modification. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36183 DESCRIPTION: IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server...

CVSS: 3.8 | AI score: 5.5 | EPSS: 0.00037
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 4:51 p.m. | 6 views

Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

Summary Fixes to common vulnerabilities discovered in IBM Db2 Merge Backup for Linux, UNIX and Windows v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33130 DESCRIPTION: IBM Db2 Merge Backup for Linux, UNIX and Windows could allow an authenticated user to cause the...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00062
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 3:27 p.m. | 16 views

Security Bulletin: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities

Summary IBM Financial Transaction Manager for ACH Services and Check Services has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data...

CVSS: 8.8 | AI score: 5.6 | EPSS: 0.00487
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:45 p.m. | 11 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-65637 DESCRIPTION: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger th...

CVSS: 8.9 | AI score: 5.7 | EPSS: 0.037
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:42 p.m. | 6 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when manipulating or using queries with federated objects (CVE-2025-14689)

Summary IBM® Db2® federated server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. Vulnerability Details CVEID:CVE-2025-14689 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2...

CVSS: 6.5 | AI score: 5.6 | EPSS: 0.00071
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:42 p.m. | 7 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 7.6 | AI score: 6.4 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:40 p.m. | 7 views

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure under specific HADR configuration (CVE-2025-36425)

Summary IBM® Db2® could allow an authenticated user to obtain sensitive information under specific HADR configuration. Vulnerability Details CVEID:CVE-2025-36425 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to obtain sensitive...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.0004
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:39 p.m. | 6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 7.6 | AI score: 6.4 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:39 p.m. | 6 views

Security Bulletin: IBM® Db2® is vulnerable to external entities parsing in XML (CVE-2025-36247)

Summary IBM® Db2® is vulnerable to an XML external entity injection XXE attack when processing XML data. Vulnerability Details CVEID:CVE-2025-36247 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to an XML external entity injection XXE attack when...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.00235
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:37 p.m. | 6 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations (CVE-2025-2668)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query that uses ALTER TABLE operations. Vulnerability Details CVEID:CVE-2025-2668 DESCRIPTION: IBM Db2 for...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.00042
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 2:36 p.m. | 5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 7.6 | AI score: 6.4 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/09 11:57 a.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-61725 DESCRIPTION: The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0013
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/08 4:14 p.m. | 8 views

Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/08 6:56 a.m. | 6 views

Security Bulletin: A security vulnerability has been identified in IBM StreamSets Data Collector

Summary A security vulnerability CVE-2025-41242 has been addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servle...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.05222
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 10:10 p.m. | 10 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Cloudkit are now addressed in 5.2.3.6 and 6.0.0.1 (CVE-2025-47914, CVE-2025-58181, CVE-2025-47913)

Summary The following security vulnerabilities impacting deployments utilizing IBM Storage Scale CloudKit have been addressed in 5.2.3.6 and later, and 6.0.0.1 and later. These issues could have resulted in reduced security assurances under certain configurations. Vulnerability Details...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00046
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 5:13 p.m. | 17 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...

CVSS: 8.6 | AI score: 6.8 | EPSS: 0.00636
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 2:43 p.m. | 5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13689)

Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13689 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive informatio...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.0003
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 2:41 p.m. | 6 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing (CVE-2025-13691)

Summary HTTP processing is used by DataStage on Cloud Pak for Data as part of the overall request processing. Vulnerability Details CVEID:CVE-2025-13691 DESCRIPTION: IBM DataStage on Cloud Pak for Data returns sensitive information in an HTTP response that could be used to impersonate other users...

CVSS: 8.1 | AI score: 5.4 | EPSS: 0.00043
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 2:33 p.m. | 8 views

Security Bulletin: Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System [CVE-2023-38265, CVE-2023-38005]

Summary Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect Cloud Pak System respectively. IBM Cloud Pak System could allow an authenticated user to perform unauthorized tasks due to improper access controls, and disclose folder location informati...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00049
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/02/06 12:44 p.m. | 7 views

Security Bulletin: qs parse module DoS vulnerability: arrayLimit bypass via bracket notation allows memory exhaustion (qs < 6.14.1)

Summary An input validation flaw in qs 6.14.1 allows attackers to bypass arrayLimit using bracket notation a=x, leading to unauthenticated HTTP denial-of-service via memory exhaustion. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse...

CVSS: 6.3 | AI score: 5.6 | EPSS: 0.0004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 7:12 a.m. | 7 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-7962) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00054
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 6:19 a.m. | 13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273

Summary IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273. This bulletin contains information regarding the vulnerability and its remediation...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.02857
Exploits: 12 | Affected Software: 1

IBM Security Bulletins
added 2026/02/06 6:12 a.m. | 10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471

Summary IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a...

CVSS: 8.9 | AI score: 7.5 | EPSS: 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 10:3 p.m. | 12 views

Security Bulletin: AIX/VIOS is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)

Summary Vulnerability in Perl could allow an attacker to cause a denial of service or possibly execute code WS-2025-0004. AIX uses Perl in various operating system components. Vulnerability Details ID:WS-2025-0004 DESCRIPTION: Fix a class of false positives where input should have been rejected...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00803
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/02/05 8:50 p.m. | 6 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Denial of Service due to IBM Liberty Server (CVE-2025-36000)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial-of-service security vulnerability Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Th...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 8:23 p.m. | 8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00012
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 8:20 p.m. | 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 8:19 p.m. | 9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.4-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with...

CVSS: 6.3 | AI score: 5.3 | EPSS: 0.00024
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 8:18 p.m. | 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-lang-2.6.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in commons-lang-2.6.jar Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6,...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.00099
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 6:15 p.m. | 10 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to information Disclosure CVE-2025-53066 and one Tampering CVE-2025-53057 unauthorized data access due to the use of IBM® SDK Java™ Technology Edition, Version 8 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00068
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2026/02/05 6:10 p.m. | 10 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Denial of Service.

Summary IBM Virtualization Engine TS7700 is susceptible to denial-of-service condition due to the use of Python CVE-2025-6069. TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks. Vulnerability Details CVEID:CVE-2025-6069 DESCRIPTION: The...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00864
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2026/02/05 4:31 p.m. | 7 views

Security Bulletin: The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2025-36348)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-36348 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could allow a remote privileged attacker to obtain sensitive...

CVSS: 4.9 | AI score: 5.5 | EPSS: 0.00048
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 3:27 p.m. | 11 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by Netty CRLF injection vulnerability, SCRAM authentication vulnerability, Hibernate Reactive database connection leak vulnerability and Quarkus REST worker thread exhaustion vulnerability. Vulnerability Details CVEID:CVE-2025-14969 DESCRIPTION:...

CVSS: 8.7 | AI score: 7.3 | EPSS: 0.00098
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 12:52 p.m. | 14 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.20 LTS and 12.20.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS: 8.6 | AI score: 7.6 | EPSS: 0.01262
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2026/02/05 12:50 p.m. | 6 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2025-61727) and denial of service (CVE-2025-61729)

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to Golang module crypto/x509. This bulletin provides patch information to address the reported vulnerabilities in Golang module crypto/x509...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00019
Exploits: 2 | Affected Software: 1

Total number of security vulnerabilities: 34926