34926 matches found

IBM Security Bulletins
added 2025/10/22 10:6 a.m. | 3 views

Security Bulletin: IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability (CVE-2025-10725)

Summary IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability in the Red Hat Openshift AI operator. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full...

CVSS 9.9 | AI score 6.7 | EPSS 0.00178
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/22 5:19 a.m. | 5 views

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) affected the ERP product dependency with BA client code.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734: using "commons-beanutils-1.8.3.jar" can allow an attacker to gain control of the declared class property of Java enum objects to get access to the classloader...

CVSS 8.8 | AI score 6.8 | EPSS 0.00258
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 10:25 p.m. | 8 views

Security Bulletin: Local File Inclusion (LFI) vulnerability in IBM Content Navigator

Summary A Local File Inclusion (LFI) vulnerability has been identified in IBM Content Navigator (ICN), where an authenticated attacker can exploit an HTTPS request URL in a way that it will return content of any file from the server where ICN is running. Vulnerability Details CVEID:CVE-2025-27906...

CVSS 5.3 | AI score 6.3 | EPSS 0.00031
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 8:1 p.m. | 2 views

Security Bulletin: Security Vulnerabilities in Java libraries affect IBM Voice Gateway

Summary Multiple vulnerabilities were addressed in IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...

CVSS 7.5 | AI score 6.5 | EPSS 0.00099
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 6:31 p.m. | 9 views

Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

CVSS 7.5 | AI score 8.2 | EPSS 0.00924
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 6:17 p.m. | 2 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK ( CVE-2025-30761 & CVE-2025-30754 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Access Control and Deserialization of Untrusted Data due to IBM Java SDK. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition...

CVSS 5.9 | AI score 7 | EPSS 0.00559
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/10/21 6:4 p.m. | 6 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2016-5725) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE,...

CVSS 5.9 | AI score 6.8 | EPSS 0.26672
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 6:2 p.m. | 6 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36047) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by...

CVSS 7.5 | AI score 6.9 | EPSS 0.00115
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 5:59 p.m. | 3 views

Security Bulletin: Vulnerability in Apache Commons Lang (CVE-2025-48924) affects IBM PowerVM Novalink.

Summary Apache Commons Lang is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE (CVE-2025-48924). Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting...

CVSS 5.3 | AI score 8.7 | EPSS 0.00099
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 5:56 p.m. | 5 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-56339) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow ...

CVSS 7.5 | AI score 8.9 | EPSS 0.00132
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 5:54 p.m. | 11 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36000) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Thi...

CVSS 4.8 | AI score 6.1 | EPSS 0.00036
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 5:52 p.m. | 7 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36124) affects IBM PowerVM Novalink.

Summary IBM WebSphere Liberty Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

CVSS 7.5 | AI score 6.6 | EPSS 0.00051
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 2:44 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.305 Vulnerability Details CVEID:CVE-2025-0913 DESCRIPTION: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix...

CVSS 9.8 | AI score 7.2 | EPSS 0.01319
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 10:58 a.m. | 11 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]

Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported...

CVSS 6.3 | AI score 6.3 | EPSS 0.00121
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 9:21 a.m. | 3 views

Security Bulletin: IBM Event Streams is vulnerable to Remote Code Execution and Server-Side Request Forgery (CVE-2025-27818, CVE-2025-27817)

Summary IBM Event Streams is vulnerable to remote code execution via unsafe deserialization in Kafka Connect configurations, and another enabling server-side request forgery and arbitrary file read through misconfigured OAuthBearer endpoints in Kafka Clients. Vulnerability Details...

CVSS 8.8 | AI score 7.9 | EPSS 0.21423
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 6:11 a.m. | 8 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console. (CVE-2023-51775, CVE-2023-23916, CVE-2025-27363, CVE-2024-38819, CVE-2024-45801, CVE-2024-47176, CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, CVE-2024-29857)

Summary curl, libcurl, jose4j-0.9.3, spring-webmvc-6.0.14, bcprov-jdk18on-1.74, path-to-regexp-1.8.0, spring-web-6.0.11, dompurify-2.2.7 the following dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerabilit...

CVSS 8.6 | AI score 7.3 | EPSS 0.93306
Exploits 23 | Affected Software 1

IBM Security Bulletins
added 2025/10/21 12:44 a.m. | 6 views

Security Bulletin: IBM Fusion HCI is vulnerable to potential container escapes

Summary An OpenShift or Fusion administrator, or potentially an attacker who gains access to certain Storage Fusion containers, can gain access to underlying node Linux capabilities, increasing the possibility of a container escape such as CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-018...

CVSS 8.4 | AI score 6.6 | EPSS 0.01944
Exploits 11 | Affected Software 2

IBM Security Bulletins
added 2025/10/20 10:1 p.m. | 7 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilities. Vulnerability Details...

CVSS 9.1 | AI score 6.5 | EPSS 0.01777
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/20 10:0 p.m. | 5 views

Security Bulletin: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution (CVE-2025-7783)

Summary A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Pollution. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

CVSS 9.4 | AI score 6.8 | EPSS 0.01319
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/20 8:6 p.m. | 5 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin includes components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. These vulnerabilities have been addressed in the update. Vulnerability Details CVEID:CVE-2025-30153 DESCRIPTION: kin-openapi is a Go project for handling OpenAPI...

CVSS 7.5 | AI score 6.2 | EPSS 0.00392
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2025/10/20 2:34 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities in IBM DataPower OS kernel resulting in Denial of Service

Summary The following kernel issues may result in an unexpected device reload. Vulnerability Details CVEID:CVE-2024-42292 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env wrongly calculates size of...

CVSS 7.1 | AI score 5.8 | EPSS 0.02559
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/20 2:31 p.m. | 4 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service.

Summary The CVE may result in headers being modified in internal NodeJS traffic which could lead to a denial of service. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 ma...

CVSS 3.4 | AI score 6.5 | EPSS 0.00036
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/20 2:19 p.m. | 5 views

Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)

Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...

CVSS 7.5 | AI score 6.7 | EPSS 0.47784
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 4:10 p.m. | 10 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A...

CVSS 8.8 | AI score 8.3 | EPSS 0.09875
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 3:8 p.m. | 50 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-11168 DESCRIPTION: The urllib.parse.urlsplit and urlparse functions improperl...

CVSS 8.8 | AI score 7.8 | EPSS 0.88334
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 3:7 p.m. | 10 views

Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. User Entity Behavior Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java...

CVSS 7.5 | AI score 8.5 | EPSS 0.43407
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 2:43 p.m. | 3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2...

CVSS 7.5 | AI score 6.6 | EPSS 0.00257
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 2:8 p.m. | 3 views

Security Bulletin: IBM Application Modernization Accelerator Developer Tools is affected by an Uncontrolled Recursion vulnerability due to Apache Commons Lang (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Application Modernization Accelerator Developer Tools. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

CVSS 5.3 | AI score 6.6 | EPSS 0.00099
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 1:39 p.m. | 3 views

Security Bulletin: Due to use of netty-codec, IBM Sterling Connect:Direct Web Services is affected by denial of service.

Summary Netty-codec is used by IBM Sterling Connect:Direct Web Services (CVE-2025-58057). Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...

CVSS 7.5 | AI score 6.3 | EPSS 0.00063
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/17 1:35 p.m. | 8 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications (CVE-2023-27043)

Summary A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve this vulnerability. Vulnerability Details...

CVSS 5.3 | AI score 6.4 | EPSS 0.00161
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 9:7 p.m. | 5 views

Security Bulletin: Multiple security vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 7.5 | AI score 8.3 | EPSS 0.00125
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 8:56 p.m. | 8 views

Security Bulletin: A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in buffer overflow (CVE-2025-0395).

Summary A vulnerability in RedHat UBI affects IBM Robotic Process Automation for Cloud Pak and may result in buffer overflow. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address this vulnerability...

CVSS 6.2 | AI score 7.3 | EPSS 0.00071
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 7:40 p.m. | 6 views

Security Bulletin: Technical Support Appliance – possible security flaw in managing memory

Summary A flaw in VKMS (Virtual Kernel Mode Setting) driver may allow memory to be accessed that is no longer used, potentially exposing security related information Vulnerability Details CVEID:CVE-2025-22097 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: drm/vkms:...

CVSS 7.8 | AI score 6.4 | EPSS 0.0009
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 7:37 p.m. | 3 views

Security Bulletin: Technical Support Appliance - possible security flaw in managing memory

Summary A flaw in the KASAN (Kernel Address Sanitizer) code may allow memory to be accessed that is no longer used, potentially exposing security related information. Vulnerability Details CVEID:CVE-2021-47670 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: can:...

CVSS 7.8 | AI score 5.9 | EPSS 0.00279
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 7:28 p.m. | 13 views

Security Bulletin: IBM Technical Support Appliance - possible security flaws in memory management leading to information disclosure or denial of service

Summary A flaw in the KASAN (Kernel Address Sanitizer) code may allow memory to be accessed that is already free and a flaw in Virtual Machine Communication Interface (VMCI) allowed uninitialized kernel memory to be exposed to userspace. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00039
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 7:14 p.m. | 6 views

Security Bulletin: possible security flaw in memory management

Summary A flaw in the KASAN (Kernel Address Sanitizer) code may allow memory to be accessed that is no longer used, potentially exposing security related information. Vulnerability Details CVEID:CVE-2022-50020 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ext4:...

CVSS 7.8 | AI score 6.2 | EPSS 0.00051
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 3:2 p.m. | 4 views

Security Bulletin: IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS) (CVE-2025-36128)

Summary IBM MQ is vulnerable to Slowloris attack which is a type of denial-of-service (DoS). Vulnerability Details CVEID:CVE-2025-36128 DESCRIPTION: IBM MQ is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type...

CVSS 7.5 | AI score 6.6 | EPSS 0.00114
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 2:46 p.m. | 4 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to Information Disclosure (CVE-2025-36002)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-36002 DESCRIPTION: IBM Sterling B2B Integrator stores user credentials in configuration files which can be read by a local user...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 1:15 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject...

CVSS 8.2 | AI score 8.3 | EPSS 0.00292
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 12:14 p.m. | 8 views

Security Bulletin: IBM QRadar Investigation Assistant app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar Investigation Assistant app for IBM QRadar SIEM has addressed the applicable CVEs Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...

CVSS 8.7 | AI score 6.5 | EPSS 0.00257
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 11:43 a.m. | 9 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-53905 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow...

CVSS 8.2 | AI score 7.3 | EPSS 0.00292
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 7:34 a.m. | 5 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary d3-color and brace-expansion vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.3.0. Those libraries are used in the UI components of IBM Business Automation Manager Open Editions. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was fou...

CVSS 3.1 | AI score 5.9 | EPSS 0.00092
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 6:59 a.m. | 2 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by multiple vulnerabilities due to IBM Java.

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, is affected by multiple vulnerabilities (CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754). This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

CVSS 8.6 | AI score 6.7 | EPSS 0.02123
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/16 6:57 a.m. | 2 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in commons-lang3-3.17.0.jar (CVE-2025-48924)

Summary IBM Sterling Connect:Direct Web Services is affected by an uncontrolled recursion vulnerability in commons-lang3-3.17.0. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apac...

CVSS 5.3 | AI score 6.7 | EPSS 0.00099
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/15 4:29 p.m. | 9 views

Security Bulletin: IBM Java Updates to Address Latest Vulnerabilities

Summary This update addresses recent vulnerabilities found in the Java Runtime Environment (JRE). It addresses the following CVEs: CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, and CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...

CVSS 8.1 | AI score 6.3 | EPSS 0.02123
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/10/15 4:0 p.m. | 5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to symlink validation bypass due to tar-fs ( CVE-2025-59343 )

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to symlink validation bypass due to tar-fs. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream...

CVSS 8.7 | AI score 6.2 | EPSS 0.00033
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/15 2:47 p.m. | 14 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

CVSS 7.5 | AI score 8.7 | EPSS 0.01278
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/10/15 1:53 p.m. | 4 views

Security Bulletin: Multiple security vulnerabilities in Java affect IBM Robotic Process Automation

Summary Java is used by IBM Robotic Process Automation as part of metrics and licensing, and UMS. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

CVSS 7.8 | AI score 6.7 | EPSS 0.00234
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/10/15 1:12 p.m. | 2 views

Security Bulletin: Ehcache library of IBM Terracotta hash flooding DoS vulnerability

Summary The Ehcache 3.x component library of IBM Terracotta was found to have a hash flooding DoS vulnerability that can affect applications that use cache keys directly sourced from end users. Vulnerability Details CVEID:CVE-2025-2529 DESCRIPTION: Applications using affected versions of Ehcache...

CVSS 3.7 | AI score 6.6 | EPSS 0.00025
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/10/15 12:45 p.m. | 7 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR includes components affected by known vulnerabilities (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in this update. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found i...

CVSS 8.7 | AI score 6.6 | EPSS 0.01201
Exploits 2 | Affected Software 1

Total number of security vulnerabilities: 34926