Security Bulletin: Vulnerability in tar-fs package affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in tar-fs has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in JSON affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in JSON has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in Babel affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in BIND affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerabilities in BIND have been identified that affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in WebFlux.fn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in WebFlux.fn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: IBM webMethods Integration Server is affected by vulnerable lucene-suggest-8.9.0.jar
Summary IBM webMethods Integration Server is affected by vulnerable lucene-suggest-8.9.0.jar. CWE-400 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this...
Security Bulletin: IBM webMethods Integration Server is affected by remote code execution via pub.xslt.transformSerialXML
Summary IBM webMethods Integration Server is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36202 Vulnerability Details CVEID:CVE-2025-36202 DESCRIPTION: IBM webMethods Integration could allow an authenticated user with required execute Services to execute commands on...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms
Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in July 2025 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle...
Security Bulletin: Multiple Vulnerabilities affect IBM License Metric Tool v9.
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocess_string function of the transformers.testing_utils module in huggingface/transformers version v4.48...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, specifically in...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl Vulnerability Details CVEID:CVE-2025-3000 DESCRIPTION: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in request-2.88.2.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of request-2.88.2.tgz Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of protobuf-5.29.3-cp310-abi3-win32.whl Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nimbus-jose-jwt-9.24.4.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of nimbus-jose-jwt-9.24.4.jar Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header valu...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory lea...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jinja2-3.1.5-py3-none-any.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jinja2-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/net-v0.25.0
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/net-v0.25.0 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/crypto-v0.33.0
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/crypto-v0.33.0 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-3.2.4.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE:...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057). This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network...
Security Bulletin: IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload.
Summary IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox (CVE-2022-40151, CVE-2022-40155, CVE-2022-40153, CVE-2022-40152, CVE-2022-40154, CVE-2022-40156). This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-40151...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976)
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976). This has been addressed in the remediation section. Vulnerability Details...
Security Bulletin: TOCTOU Race Condition in gosnowflake Logging Configuration Allows Local Privilege Misuse (Fixed in 1.13.3), affects watsonx.data
Summary gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (July 2025)
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Stored Cross-Site Scripting (XSS) Vulnerability in IBM Lakehouse Web UI Enables Privileged Code Injection, affects watsonx.data
Summary IBM Lakehouse is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. This can affect...
Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS, affects watsonx.data
Summary Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...
Security Bulletin: Sensitive Information Disclosure in IBM Lakehouse Through Stack Traces, affects watsonx.data
Summary IBM Lakehouse could potentially reveal sensitive information from stack traces that could be read by a local privileged user. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36146 DESCRIPTION: IBM Lakehouse could potentially reveal sensitive information from stack trace...
Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details, affects watsonx.data
Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...
Security Bulletin: IBM Lakehouse Command Injection via Insufficient Input Sanitization, affects watsonx.data
Summary IBM Lakehouse could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36143 DESCRIPTION: IBM Lakehouse could allow an authenticated...
Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.304 Vulnerability Details CVEID:CVE-2025-8194 DESCRIPTION: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Enterprise Application Service for Java
Summary IBM Enterprise Application Service for Java is affected by multiple vulnerabilities found in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...
Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers
Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 that may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic
Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...
Security Bulletin: IBM Watsonx BI is affected by use of jose v6.0.10 and was discovered to contain weak encryption
Summary IBM Watsonx BI is affected by use of jose v6.0.10 where the library uses a weak encryption algorithm, allowing an attacker to decrypt sensitive data Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a...
Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)
Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: list_item_verbose in...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data
Summary Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data. The vulnerability, present starting in version 1.4.4-lts.1 and prior to version 2.0.2, allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. Vulnerability...
Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic.
Summary Watsonx BI has a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity...
Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana (OnPrem) build 1.0.303 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions (Response Time) (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754) Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions (Response Time) (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447) Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server Pattern shipped with IBM Cloud Pak System
Summary IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...
Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)
Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP) in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976)
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976). This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...
Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)
Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations (CVE-2025-40909). AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...