Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/21 9:31 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Oct 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTIO...

7.5CVSS5.6AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/21 5:14 a.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...

6.9CVSS7.7AI score0.0056EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/20 11:21 p.m.9 views

Security Bulletin: This Power System update is being released to address CVE-2025-49133

Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details CVEID:CVE-2025-49133 DESCRIPTION: Libtpms is a...

5.9CVSS8.4AI score0.00135EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/20 8:45 p.m.7 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denia...

7.5CVSS5.6AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/20 4:34 p.m.11 views

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in ICU libraries.

Summary The ucnvUTF8FromUTF8 function in ucnvu8.cpp in International Components for Unicode ICU for C/C++ through 60.1 mishandles ucnvconvertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or...

9.8CVSS10AI score0.08003EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/20 11:54 a.m.9 views

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address the multiple vulnerabilities CVE-2025-36410, CVE-2025-36409, CVE-2025-36419, CVE-2025-36408, CVE-2025-36418, CVE-2025-36411. Vulnerability Details CVEID:CVE-2025-36410 DESCRIPTION: IBM ApplinX could allow an authenticated user to perform...

9.8CVSS5.3AI score0.0021EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/20 11:43 a.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM Engineering AI hub.

Summary Multiple vulnerabilities were addressed in IBM Engineering AI Hub version 1.1.0. Vulnerability Details CVEID:CVE-2025-58751 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the publi...

8.9CVSS6.6AI score0.0118EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/19 10:45 a.m.9 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...

7.5CVSS6.9AI score0.00633EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/19 5:37 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913

Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving...

7.5CVSS5.5AI score0.00591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 7:41 p.m.14 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

6.8CVSS7.1AI score0.0056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 7:40 p.m.16 views

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to...

7.5CVSS7.8AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 7:40 p.m.12 views

Security Bulletin: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-27086)

Summary A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation for authentication processing. This bulletin identifies the security fixes to apply to...

3.9CVSS4.5AI score0.00189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 5:30 p.m.9 views

Security Bulletin: A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results (CVE-2025-47907).

Summary A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results CVE-2025-47907. grpc is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

7CVSS6.5AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 4:43 p.m.8 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

9.4CVSS6.7AI score0.00435EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 4:39 p.m.11 views

Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2024-29992...

7.5CVSS6.4AI score0.02719EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 4:34 p.m.8 views

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5305...

7.5CVSS6.4AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 4:3 p.m.19 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-8747 DESCRIPTION: A safe mode...

9.8CVSS8.1AI score0.02322EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 2:28 p.m.14 views

Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution (CVE-2025-1550).

Summary A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerablity. Vulnerability...

9.8CVSS7.8AI score0.02803EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 2:26 p.m.8 views

Security Bulletin: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

Summary Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. These vulnerabilities are specifically found in the Sterling Connect:Express Adapter for Sterling B2B Integrator. The Web interface is delivered with this product as an additional component of the services...

6.5CVSS6.3AI score0.00172EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 2:25 p.m.16 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

9.8CVSS7AI score0.01263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 10:49 a.m.6 views

Security Bulletin: Confidentiality Vulnerability in IBM Watson Explorer Related to Java SE JAXP

Summary IBM SDK, Java Technology is used within IBM Watson Explorer CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact,...

7.5CVSS6.1AI score0.00633EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:35 a.m.31 views

Security Bulletin:Vulnerability in glib2 affects IBM Netezza Appliance

Summary The glib2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 Vulnerability Details CVEID:CVE-2025-13601 DESCRIPTION: A heap-based buffer overflow problem was found in glib through an incorrect...

9.8CVSS7.4AI score0.00754EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:33 a.m.13 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS6.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:32 a.m.7 views

Security Bulletin:Vulnerability in Requests affects IBM Netezza Appliance

Summary The Requests package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-47081, CVE-2023-32681, CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases...

6.1CVSS6.9AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:29 a.m.16 views

Security Bulletin: Vulnerability in crypto/x509 affects IBM Netezza Appliance

Summary The crypto/x509 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61727, CVE-2025-61729 Vulnerability Details CVEID:CVE-2025-61727 DESCRIPTION: An excluded subdomain constraint in a certificate chain does not restrict the usage of...

7.5CVSS6.3AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:28 a.m.12 views

Security Bulletin: Remediation of Multiple Apache Struts 1.3.10 Vulnerabilities in IBM Library Support for Struts

Summary Multiple EOL Apache Struts 1.3.10 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-54656 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Strut...

8.8CVSS8.1AI score0.96121EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:26 a.m.10 views

Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance

Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68146 Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a...

6.5CVSS5.9AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:20 a.m.8 views

Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

7.5CVSS7.2AI score0.00561EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:15 a.m.23 views

Security Bulletin: Remediation of Multiple Apache Struts 1.1 Vulnerabilities in IBM Library Support for Struts

Summary Multiple Apache Struts 1.1 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2006-1546 DESCRIPTION: Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to bypass validation via a request with a...

10CVSS9.7AI score0.96121EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:15 a.m.18 views

Security Bulletin: Vulnerability in Java affects IBM Netezza Appliance

Summary The Java package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21502 Vulnerability Details CVEID:CVE-2025-21502 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...

4.8CVSS7AI score0.00971EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 9:11 a.m.31 views

Security Bulletin: Remediation of Multiple Apache Struts 2.5.33 Vulnerabilities in IBM Library Support for Struts.

Summary EOL Apache Struts 2.5.33 vulnerability has been addressed in IBM Library Support for Struts. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

9.8CVSS9.5AI score0.78198EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 8:37 a.m.9 views

Security Bulletin: Due to the use of go-redis, IBM watsonx.ai on Cloud Pak for Data is vulnerable to out of order response during time-outs

Summary IBM watsonx.ai on Cloud Pak for Data internally uses go-redis CVE-2025-29923 Vulnerability Details CVEID:CVE-2025-29923 DESCRIPTION: go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order...

3.7CVSS7AI score0.00694EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 8:37 a.m.10 views

Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21295)

Summary Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-cor...

5.9CVSS8.5AI score0.18891EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 8:32 a.m.11 views

Security Bulletin:Vulnerability in Perl affects IBM Netezza Appliance

Summary The Perl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2020-10543, CVE-2020-10878, CVE-2025-40909, CVE-2020-12723 Vulnerability Details CVEID:CVE-2020-10543 DESCRIPTION: Perl before 5.30.3 on 32-bit platforms allows a heap-based...

8.6CVSS7.2AI score0.11334EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 7:36 a.m.10 views

Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-55163 Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and...

8.2CVSS6.9AI score0.00979EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 7:48 p.m.17 views

Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability

Summary IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...

8.7CVSS7AI score0.83007EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 6:54 p.m.14 views

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5005...

8.6CVSS6.3AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 6:50 p.m.6 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service (CVE-2025-58754)

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

7.5CVSS8.4AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 6:49 p.m.5 views

Security Bulletin: A vulnerability in ASP.NET Core affects IBM Robotic Process Automation and could result in elevated privileges (CVE-2025-7326).

Summary A vulnerability in ASP.NET Core affects IBM Robotic Process Automation and could result in elevated privileges. ASP.NET Core is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve this fvulnerability...

7CVSS6.7AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 6:47 p.m.6 views

Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak (CVE-2020-36732).

Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to address this...

5.3CVSS6.7AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 2:48 p.m.4 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.

Summary IBM Sterling Connect:Direct for UNIX Container requires credential for Standard User Mode deployment. This fix removes the hard-coded credentials and uses dynamically generated one during container initialization. Vulnerability Details CVEID:CVE-2025-14115 DESCRIPTION: IBM® Sterling...

8.4CVSS6.8AI score0.001EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 4:3 a.m.6 views

Security Bulletin: Bouncy Castle for Java BC-FJA NativeLoader Resource Consumption Issue, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips API modules allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader. This issue affects Boun...

5.9CVSS6.8AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 3:56 a.m.7 views

Security Bulletin: Improper Drive Name Handling in Node.js path.join on Windows, affect watsonx.data

Summary A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root...

5.6CVSS6.6AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 11:57 p.m.5 views

Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information

Summary There is a vulnerability in IBM Controller due to the use of hardcoded cryptographic keys for signing session cookies. This Security Bulletin addresses CVE-2025-36326. Vulnerability Details CVEID:CVE-2025-36326 DESCRIPTION: IBM Controller could allow an attacker to obtain sensitive...

7.5CVSS6.1AI score0.00213EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 6:56 p.m.13 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)

Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...

9.8CVSS8.1AI score0.18763EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 4:15 p.m.12 views

Security Bulletin: AIX/VIOS is vulnerable to an out-of-bounds read (CVE-2025-9230, CVE-2025-9232) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow an attacker to trigger an out-of-bounds read CVE-2025-9230, CVE-2025-9232. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt C...

7.5CVSS7AI score0.02016EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 12:11 p.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...

8.3CVSS7.5AI score0.03092EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 9:36 a.m.6 views

Security Bulletin:Vulnerability in pam affects IBM Netezza Appliance

Summary The pam package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8941 Vulnerability Details CVEID:CVE-2025-8941 DESCRIPTION: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local...

7.8CVSS5.7AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 9:32 a.m.12 views

Security Bulletin:Vulnerability in gnuTLS affects IBM Netezza Appliance

Summary The gnuTLS package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-6395, CVE-2025-32990, CVE-2025-32989, CVE-2025-32988 Vulnerability Details CVEID:CVE-2025-6395 DESCRIPTION: A NULL pointer dereference flaw was found in the GnuTLS softwa...

8.2CVSS6.2AI score0.01185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 1:43 a.m.12 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF (CVE-2025-66516)

Summary IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF CVE-2025-66516. Apache Tika is used by the Run SQL Scripts feature of IBM i Access Client Solutions to determine the content type of binary colum...

9.8CVSS7.1AI score0.79807EPSS
Exploits5Affected Software1
Total number of security vulnerabilities35608