34926 matches found

IBM Security Bulletins
added 2026/01/30 5:43 a.m., 5 views

Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.

Summary IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...

CVSS 7.5, AI score 5.8, EPSS 0.01019
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/30 5:39 a.m., 8 views

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

CVSS 8.7, AI score 5.9, EPSS 0.00071
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/30 5:39 a.m., 13 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...

CVSS 9.8, AI score 6.2, EPSS 0.00468
Exploits: 11, Affected Software: 1

IBM Security Bulletins
added 2026/01/30 5:39 a.m., 12 views

Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345.

Summary IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users ...

CVSS 8.8, AI score 6.6, EPSS 0.09875
Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2026/01/30 5:35 a.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.

Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 8.9, AI score 6.1, EPSS 0.00105
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:54 p.m., 4 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when given a specially crafted query (CVE-2025-36387)

Summary IBM® Db2® is vulnerable to a denial of service when given a specially crafted query with QGM objects that contain specific subquery expressions. Vulnerability Details CVEID:CVE-2025-36387 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an...

CVSS 6.5, AI score 5.9, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:54 p.m., 7 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation due to the use of an unquoted search path element (CVE-2025-36384)

Summary IBM® Db2® for Windows could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. Vulnerability Details CVEID:CVE-2025-36384 DESCRIPTION: IBM Db2 for Windows could allow a local user with filesystem access to escalate the...

CVSS 8.4, AI score 5.9, EPSS 0.00009
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:41 p.m., 6 views

Security Bulletin: IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on (CVE-2025-8916)

Summary IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules,...

CVSS 6.3, AI score 5.9, EPSS 0.00092
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:39 p.m., 7 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2025-36353)

Summary IBM® Db2® is vulnerable to denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36353 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of servic...

CVSS 6.2, AI score 5.9, EPSS 0.0002
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:33 p.m., 6 views

Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service as the server may crash when using a specially crafted statement (CVE-2025-36423)

Summary IBM® Db2® Federated server is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36423 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local use...

CVSS 6.5, AI score 5.9, EPSS 0.00036
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:33 p.m., 6 views

Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar (CVE-2024-47072)

Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...

CVSS 7.5, AI score 5.9, EPSS 0.00261
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:30 p.m., 6 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper allocation of resources (CVE-2025-36098)

Summary IBM® Db2® could allow an authenticated user to cause a denial of service due to improper allocation of resources. Vulnerability Details CVEID:CVE-2025-36098 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...

CVSS 6.5, AI score 5.9, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:27 p.m., 6 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when copying large tables containing XML data (CVE-2025-36123)

Summary IBM® Db2® could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. Vulnerability Details CVEID:CVE-2025-36123 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow ...

CVSS 6.2, AI score 5.9, EPSS 0.00013
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:25 p.m., 7 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables (CVE-2025-36070)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details CVEID:CVE-2025-36070 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as a trap may occur...

CVSS 7.5, AI score 5.9, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:24 p.m., 6 views

Security Bulletin: IBM® Db2® is vulnerable to Local Privilege Escalation and get root access to the system (CVE-2025-36184)

Summary IBM® Db2® is vulnerable to Local Privilege Escalation to root due to execution of unnecessary privileges operated at a higher than minimum level. Vulnerability Details CVEID:CVE-2025-36184 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an instance...

CVSS 7.2, AI score 6.1, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:23 p.m., 6 views

Security Bulletin: IBM® Db2® could allow an authenticated user to cause a denial of service using a specially crafted SQL statement that includes XML (CVE-2025-36001)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. Vulnerability Details CVEID:CVE-2025-36001 DESCRIPTION: IBM Db2 for...

CVSS 6.5, AI score 5.9, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:22 p.m., 7 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic (CVE-2025-36428)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled. Vulnerability Details CVEID:CVE-2025-36428 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an...

CVSS 5.3, AI score 5.9, EPSS 0.00034
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:17 p.m., 8 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2 (CVE-2025-58056, CVE-2025-58057, CVE-2025-55163)

Summary IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

CVSS 8.2, AI score 5.8, EPSS 0.00097
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 3:12 p.m., 4 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2025-36442)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. Vulnerability Details CVEID:CVE-2025-36442 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denia...

CVSS 7.5, AI score 5.9, EPSS 0.00046
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 2:56 p.m., 7 views

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause denial of service or confidentiality impacts. CVE-2025-38471 CVE-2025-38718 CVE-2025-39682 CVE-2025-38550. Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following...

CVSS 7.8, AI score 6.5, EPSS 0.00071
Exploits: 1, Affected Software: 4

IBM Security Bulletins
added 2026/01/29 2:54 p.m., 9 views

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause a denial of service. CVE-2025-38718. Vulnerability Details CVEID:CVE-2025-38718 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets i...

CVSS 7.8, AI score 6.6, EPSS 0.00037
Exploits: 0, Affected Software: 8

IBM Security Bulletins
added 2026/01/29 2:37 p.m., 9 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718

Summary IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML...

CVSS 5.3, AI score 5.9, EPSS 0.00034
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 2:37 p.m., 7 views

Security Bulletin: Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively

Summary Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python...

CVSS 8.9, AI score 6, EPSS 0.00042
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 1:44 p.m., 14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function...

CVSS 8.6, AI score 7, EPSS 0.00208
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 7:37 a.m., 15 views

Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-58056...

CVSS 7.5, AI score 6.4, EPSS 0.05222
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 6:59 a.m., 10 views

Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.0

Summary Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.0 Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...

CVSS 7.8, AI score 7.2, EPSS 0.11722
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 5:54 a.m., 9 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities due to IBM Java and its runtime

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2025-53066, CVE-2025-53057 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could all...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 5:11 a.m., 5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to access control violation

Summary Access control violation vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-15395 DESCRIPTION: Jazz Foundation is vulnerable to access control violations that allows the users to view or access/perform actions...

CVSS 5.4, AI score 5.8, EPSS 0.00013
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/29 5:08 a.m., 7 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache POI

Summary A vulnerability has been identified in Apache POI, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...

CVSS 5.3, AI score 5.7, EPSS 0.00521
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 3:42 p.m., 20 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component...

CVSS 7.8, AI score 5.7, EPSS 0.00275
Exploits: 8, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 3:35 p.m., 16 views

Security Bulletin: User Entity Behavior Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. User Entity Behavior Analytics App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-12758 DESCRIPTION: Versions of t...

CVSS 8.7, AI score 6.2, EPSS 0.01214
Exploits: 7, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 11:08 a.m., 7 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 6:48 a.m., 32 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP55 and Version 8 SR6-FP0 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in Oct 2019. Vulnerability Details...

CVSS 6.8, AI score 6.6, EPSS 0.02946
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 6:46 a.m., 86 views

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary There are multiple vulnerabilities in IBM® WebSphere Liberty, Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...

CVSS 7.8, AI score 7.3, EPSS 0.50822
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 3:42 a.m., 6 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer

Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2025. Vulnerability Details CVEID:CVE-2025-53057...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/28 3:39 a.m., 7 views

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2025 Critical Patch Update...

CVSS 7.5, AI score 5.9, EPSS 0.00068
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 3:07 p.m., 11 views

Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL

Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

CVSS 9.8, AI score 5.9, EPSS 0.00088
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 2:25 p.m., 11 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data management console

Summary IBM Db2 Data management console has several dependent packages with vulnerabilities. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss...

CVSS 9.8, AI score 5.3, EPSS 0.54214
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 9:03 a.m., 14 views

Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)

Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...

CVSS 9.8, AI score 5.8, EPSS 0.00021
Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 7:05 a.m., 8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Jetty

Summary Vulnerabilities have been identified in Eclipse Jetty, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can rea...

CVSS 7.8, AI score 7.5, EPSS 0.13581
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 7:00 a.m., 8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Nimbus JOSE+JWT

Summary Vulnerabilities have been identified in Nimbus JOSE+JWT, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to...

CVSS 5.8, AI score 5.9, EPSS 0.00143
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 6:59 a.m., 7 views

Security Bulletin: IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

Summary Cross-site scripting vulnerability has been identified in IBM Engineering Lifecycle Management - Global Configuration Management. Vulnerability Details CVEID:CVE-2025-36033 DESCRIPTION: IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an...

CVSS 5.4, AI score 5.5, EPSS 0.00049
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 6:55 a.m., 8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apac...

CVSS 5.5, AI score 5.9, EPSS 0.00492
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 6:51 a.m., 8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in FasterXML jackson-databind

Summary Vulnerabilities have been identified in FasterXML jackson-databind, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion ca...

CVSS 7.5, AI score 7.3, EPSS 0.00487
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2026/01/27 3:36 a.m., 13 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

CVSS 6.3, AI score 5.8, EPSS 0.00029
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/01/26 10:59 p.m., 7 views

Security Bulletin: This Power System update is being released to address CVE-2025-52497

Summary When Linux Secure Boot is enabled, a malformed public key certificate in the grubdb or grubdbx can cause a DoS blocking Linux partition boot or make a limited amount of partition memory available. Vulnerability Details CVEID:CVE-2025-52497 DESCRIPTION: Mbed TLS before 3.6.4 has a PEM...

CVSS 4.8, AI score 6, EPSS 0.00365
Exploits: 0

IBM Security Bulletins
added 2026/01/26 10:58 p.m., 7 views

Security Bulletin: This Power System update is being released to address CVE-2025-49087

Summary Mbed-TLS is used by partition firmware for Linux secure boot. This update is being released to mitigate any potential impacts to Linux partitions with secure boot enabled. Vulnerability Details CVEID:CVE-2025-49087 DESCRIPTION: In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing...

CVSS 4, AI score 5.9, EPSS 0.00428
Exploits: 1

IBM Security Bulletins
added 2026/01/26 10:58 p.m., 9 views

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

CVSS 6, AI score 5.9, EPSS 0.00006
Exploits: 0

IBM Security Bulletins
added 2026/01/26 10:58 p.m., 5 views

Security Bulletin: This Power System update is being released to address CVE-2025-36194

Summary The PowerVM hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Vulnerability Details CVEID:CVE-2025-36194 DESCRIPTION: IBM PowerVM hypervisor may expose a limited amount of data to a peer partition in...

CVSS 3.3, AI score 5.9, EPSS 0.00006
Exploits: 0

IBM Security Bulletins
added 2026/01/26 8:22 p.m., 11 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the January 2026 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

CVSS 7.5, AI score 6, EPSS 0.00089
Exploits: 0, Affected Software: 1

Total number of security vulnerabilities: 34926