Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 10:35 p.m.8 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions (CVE-2025-13734)

Summary IBM Engineering Requirements Management DOORS Next could allow an authenticated user to view and edit data beyond their assigned access permissions. This issue occurs due to insufficient authorization enforcement. An attacker with valid credentials could exploit this vulnerability to gain...

5.4CVSS5.6AI score0.00144EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 8:12 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13686, CVE-2025-13687, CVE-2025-13688)

Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13686 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands with normal user privileges on the syst...

8.8CVSS6.2AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 6:53 p.m.17 views

Security Bulletin: Components with known vulnerabilities in IBM QRadar Pre-Validation App for IBM QRadar SIEM

Summary Multiple components with known vulnerabilities were addressed in an IBM QRadar Pre-Validation App release Vulnerability Details CVEID:CVE-2025-32421 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-conditi...

9.1CVSS6.2AI score0.99621EPSS
Exploits73Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 6:52 p.m.6 views

Security Bulletin: Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a...

8.7CVSS4.5AI score0.02186EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 5:21 p.m.6 views

Security Bulletin: The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2

Summary The following vulnerabilities, which may affect IBM Storage Scale when a directory has a specific ACL composition and could lead to improper execute permissions, have been remediated in Storage Scale versions 5.2.3.6 and 6.0.0.2. Vulnerability Details CVEID:CVE-2025-14604 DESCRIPTION: IBM...

7.8CVSS6AI score0.00132EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 4:48 p.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.7 Vulnerability Details CVEID:CVE-2025-12818 DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an...

7.6CVSS7AI score0.03026EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:44 p.m.12 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malforme...

8.1CVSS6AI score0.02054EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:36 p.m.11 views

Security Bulletin: Critical vulnerability addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary CVE-2025-66516 - Apache Tika addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5...

9.8CVSS6AI score0.79807EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:34 p.m.6 views

Security Bulletin: Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base

Summary Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CWE:CWE-94: Improper Control of Generation of...

7.2CVSS6AI score0.2241EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:33 p.m.7 views

Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9

Summary Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to ...

7.5CVSS5.9AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:33 p.m.9 views

Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3

Summary Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3 Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...

7.5CVSS5.9AI score0.00483EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:33 p.m.21 views

Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM

Summary Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details CVEID:CVE-2020-9493 DESCRIPTION: A deserialization flaw was found i...

9.8CVSS7AI score0.99677EPSS
Exploits108Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 2:9 p.m.4 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service (CVE-2025-61726, CVE-2025-61728) and loss of confidentiality (CVE-2025-61730)

Summary IBM App Connect Enterprise Certified Container operator, and DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service CVE-2025-61726, CVE-2025-61728 and loss of confidentiality CVE-2025-61730. This bulletin provides patch information to...

7.5CVSS5.9AI score0.01945EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 1:39 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929.

Summary IBM Maximo Application Suite - Visual Inspection component uses transformers-4.57.3-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14924, CVE-2025-14926, CVE-2025-14927, CVE-2025-14928, CVE-2025-14929.This bulletin contains information regarding the...

7.8CVSS6.3AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 1:35 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551

Summary IBM Maximo Application Suite - Visual Inspection component uses PyTorch 2.6.0 which is vulnerable to CVE-2025-2998, CVE-2025-2999, CVE-2025-55552,CVE-2025-63396,CVE-2025-55551. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

7.5CVSS5.6AI score0.00391EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:59 p.m.6 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional which is affected by a denial of service due to jose4j.

Summary The security issue described in CVE-2024-29371 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

7.5CVSS5.9AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:25 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service (CVE-2026-2327)

Summary Node.js module markdown-it is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to regular expression denial of service ReDoS. This bulletin provides...

7.5CVSS5.9AI score0.00503EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:23 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-25536)

Summary MCP TypeScript SDK is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

7.1CVSS5.8AI score0.00267EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:21 p.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality (CVE-2025-13490)

Summary When an IBM App Connect Enterprise Certified Container IntegrationRuntime or IntegrationServer is configured to report metrics to a Prometheus instance in the OpenShift cluster, the metrics are sent over an unencrypted channel. This bulletin provides patch information to address the...

5.9CVSS5.9AI score0.00186EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 12:18 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality (CVE-2026-24398, CVE-2026-24472, CVE-2026-24473, CVE-2026-24771)

Summary Node.js module Hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

6.5CVSS6.2AI score0.00457EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 11:34 a.m.9 views

Security Bulletin: IBM MQ is affected by multiple CVEs (CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

9.8CVSS7.6AI score0.47621EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 11:21 a.m.7 views

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jw...

8.2CVSS6.3AI score0.00743EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 10:5 a.m.10 views

Security Bulletin: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66453)

Summary There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1...

7.5CVSS6AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 9:20 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221

Summary IBM Maximo Application Suite - Visual Inspection component uses werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...

6.3CVSS6.5AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 8:30 a.m.12 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.29 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and i...

9.4CVSS6.9AI score0.05666EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 6:11 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Maximo AI Service uses "torch-2.9.1-cp311-cp311-manylinux228x8664.whl, keras-3.12.0-py3-none-any.whl, hibernate-core-6.6.36.Final.jar" dependencies which are vulnerable to "CVE-2025-2998, CVE-2025-2999, CVE-2025-55552, CVE-2025-63396, CVE-2026-0897,...

8.3CVSS6AI score0.00782EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/28 4:17 a.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug [ CVE-2025-66221]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper name handling in Werkzeug, caused by a reading issue with Werkzeug's safejoin function that allows path segments with special device names to hang indefinately CVE-2025-66221. Werkzeug is used in our service runtimes. This...

6.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 7:55 p.m.19 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services

Summary Vulnerabilities exists in IBM Netezza Performance Server Replication Services are addressed in 3.0.5.1 Vulnerability Details CVEID:CVE-2025-23419 DESCRIPTION: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass...

7.8CVSS6.7AI score0.66594EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 6:0 p.m.10 views

Security Bulletin: IBM Security Verify Directory Web Admin Tool Container affected by WebSphere Application Server Liberty Denial‑of‑Service Vulnerability with HTTP/2

Summary IBM Security Verify Directory Web Admin Container has remediated the WebSphere Liberty vulnerabilities CVE-2025-48976 by incorporating the updated WebSphere Liberty runtime levels that include the necessary fixes. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...

7.5CVSS6.8AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 5:47 p.m.9 views

Security Bulletin: A Security Vulnerability in Java affects IBM Voice Gateway

Summary A Security Vulnerability in Java affects IBM Voice Gateway. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor...

9.8CVSS7.3AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 5:30 p.m.11 views

Security Bulletin: Vulnerability assertj-core, spring-security-crypto, werkzeug, urllib, libsodium, jersey-client, log4j, dmidecode-dmidecode, and aide affect IBM Cloud Object Storage Systems (FEB 2026)

Summary Vulnerability with assertj-core-3.27.3 CVE-2026-24400 , spring-security-crypto-6.4.4 CVE-2025-22234 , werkzeug-3.1.3-py3 CVE-2026-21860,CVE-2025-66221 , urllib3-2.5.0-py3CVE-2025-66418,CVE-2025-66471, CVE-2026-21441 , libsodiumCVE-2025-69277 jersey-client-2.25.1CVE-2025-12383 ,...

9.4CVSS6.3AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 4:53 p.m.6 views

Security Bulletin: IBM Rational Developer for i is affected by a memory exhaustion loop (CVE-2024-4068)

Summary A package included in the Code Coverage functionality of IBM Rational Developer for i is vulnerable to malicious input causing a crash of the program due to memory exhaustion loop as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The...

7.5CVSS6AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 4:52 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i ( CVE-2025-48734, CVE-2025-53057)

Summary IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons CVE-2025-48734 and an improper access control vulnerability in Java CVE-2025-53057 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-48734...

8.8CVSS6.2AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 4:17 p.m.6 views

Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the body-parser 2.2.0 package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5 and earlier. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies...

6.9CVSS6AI score0.00342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:59 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a URL Redirection to Untrusted Site ('Open Redirect') in urllib3 [CVE-2025-50181, CVE-2025-50182]

Summary IBM Watson Speech Services Cartridge is vulnerable to a URL Redirection to Untrusted Site 'Open Redirect' in urllib3, caused by a condition where it is possible to instantiate a PoolManager and specify retries in a way that disables redirects CVE-2025-50181, CVE-2025-50182. urllib3 is use...

6.1CVSS6.5AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:56 p.m.12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

7.8CVSS6.2AI score0.19433EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:52 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2024-56433...

8.6CVSS6.2AI score0.01279EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:50 p.m.5 views

Security Bulletin: IBM Enterprise Application Service for Java is affected by a remote code execution vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-14914)

Summary IBM Enterprise Application Service for Java is affected by a remote code execution vulnerability in IBM WebSphere Application Server Liberty with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application...

7.6CVSS6.7AI score0.0039EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:46 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Redis [CVE-2021-31294]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Redis, caused by an assertion failure in a primary server by sending a non-administrative command specifically, a SET command CVE-2021-31294. Redis is used in our service runtimes. This vulnerabilitiy has been...

5.9CVSS5.9AI score0.01309EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:45 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools [CVE-2025-66034]

Summary IBM Watson Speech Services Cartridge is vulnerable to an XML Injection in fonttools, an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed CVE-2025-66034. fontTools is used in our service runtimes. This vulnerabilitiy has...

9.8CVSS6.5AI score0.00496EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:44 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse [ CVE-2026-1188]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse, due to an Incorrect Calculation of Buffer Size in the Eclipse OMR port library component CVE-2026-1188. Eclipse is used in our java microservices. This vulnerabilitiy has been addressed. Please read the...

9.8CVSS6.2AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:43 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in QOS.CH logback-core [CVE-2026-1225]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in logback-core, caused by an ACE vulnerability in configuration file processing that allows an attacker to instantiate classes already present on the class path by compromising an existing logback configurati...

1.8CVSS5.9AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:42 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug [CVE-2026-21860]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug, due to an Improper Handling of Windows Device Names CVE-2026-21860. Werkzeug is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...

6.3CVSS5.9AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv [CVE-2026-22702]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv, caused by flaws which allow local attackers to perform symlink-based attacks on directory creation operations. CVE-2026-22702. virtualenv is used in our java microservices. This...

4.5CVSS5.9AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3 [ CVE-2026-21441]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3, due to a flaw that library reads the entire response body to drain the connection and decompress the content unnecessarily, rather than decompressing only the necessary bytes as expected CVE-2026-21441...

8.9CVSS5.9AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:38 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Open Redirect and Denial of Service in urllib3 [CVE-2025-50181, CVE-2025-66418, CVE-2025-66471]

Summary IBM Watson Speech Services Cartridge is vulnerable to Open Redirect and Denial of Service due to umltiple issues in urllib3 CVE-2025-50181, CVE-2025-66418, CVE-2025-66471. urllib3 is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

8.9CVSS7.1AI score0.00633EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:34 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain [CVE-2025-65106]

Summary BM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain, due to a defect existing in LangChain's prompt template system that allows attackers to access Python object internals through template syntax CVE-2025-65106. LangChain is used in our...

8.3CVSS5.9AI score0.00466EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:33 p.m.12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)

Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat, due to issues with 'tomcat-embed-core-10.1.44.jar' and 'tomcat-juli-10.1.44.jar'packagesCVE-2025-55752, CVE-2025-55754, CVE-2025-61795. Apache Tomcat is used in our...

9.6CVSS6.1AI score0.66535EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:16 p.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

8.9CVSS7.2AI score0.02667EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 2:33 p.m.11 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)

Summary A cross-site scripting vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-12635 Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server...

5.4CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598