Lucene search
K

35661 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)

Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details CVEID:CVE-2026-9563 DESCRIPTION: In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maxim...

7.5CVSS5.9AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty (bundled with IBM Enterprise Application Runtimes) are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability (CVE-2026-11806)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM watsonx.data integration is vulnerable to authorization bypass due to the Moby package (CVE-2026-33997, CVE-2026-34040)

Summary Moby is used by IBM watsonx.data integration as part of container processing. Vulnerability Details CVEID:CVE-2026-33997 DESCRIPTION: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to...

8.8CVSS6AI score0.08123EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM watsonx.data integration is vulnerable to payload verification errors due to the go-git package (CVE-2026-45022)

Summary go-git is used by IBM watsonx.data integration as part of repository handling. Vulnerability Details CVEID:CVE-2026-45022 DESCRIPTION: go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way...

7.5CVSS5.9AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

9.8CVSS6.5AI score0.00781EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-66506 DESCRIPTION: Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3,...

7.5CVSS6.1AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-48779 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4,...

10CVSS6AI score0.00782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM WebSphere Application Server, bundled with IBM WebSphere Remote Server, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by uncontrolled resource consumption and denial of service. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain...

7.5CVSS6AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS7.5AI score0.51547EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00838EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday11 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

7.5CVSS6.8AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday13 views

Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)

Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...

7.8CVSS6.7AI score0.96267EPSS
Exploits228Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar App SDK has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION:...

9.8CVSS6.2AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-50193 DESCRIPTION: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data...

8.1CVSS5.9AI score0.00677EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday4 views

Security Bulletin: IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details CVEID:CVE-2026-8408 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site request forgery, caused by improper...

6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Vulnerabilities in log4j, IBM WebSphere Profile and IBM Semeru Java (CVE-2026-34477, CVE-2026-34480, CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268) affect PowerVM Novalink

Summary The log4j, IBM WebSphere Liberty Profile and IBM Semeru Java are used by PowerVM Novalink. PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere...

7.5CVSS5.9AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...

7.5CVSS6AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix...

7.5CVSS6.4AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-681...

7.5CVSS6.3AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478

Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

7.5CVSS6.3AI score0.00831EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday7 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers. CVE-2025-27789 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

6.2CVSS6.5AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs. CVE-2026-8723 The vulenrabilty have been addressed. Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat:...

6.3CVSS7.1AI score0.00351EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...

3.2CVSS5.9AI score0.00138EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities

Summary The security issue described in CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed ...

8.5CVSS5.9AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server affected by a remote code execution vulnerability

Summary The security issue described in CVE-2026-11536 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling

Summary The security issue described in CVE-2026-11541 has been identified in the WebSphere Application Server and WebSphere Application Server Liberty included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins...

9.8CVSS5.9AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by HTTP request smuggling and a denial of service

Summary The security issue described in CVE-2026-9071 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS5.9AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...

9.6CVSS6.8AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...

9.1CVSS6.9AI score0.00513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway

Summary Security vulnerabilities have been addressed in IBM Application Gateway Vulnerability Details CVEID:CVE-2026-40355 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism...

5.9CVSS6AI score0.00461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: Vulnerable Version of Software in Use

Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-31790 DESCRIPTION: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact...

7.5CVSS7.4AI score0.00981EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago4 views

Security Bulletin: Vulnerable Version of Software in Use

Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-28390 DESCRIPTION: Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that...

7.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: Multiple Vulnerabilities in pyasn1 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include pyasn1 . It is susceptible to DoS, vulnerability CVE-2026-23490, CVE-2026-30922 Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior ...

7.5CVSS6.6AI score0.00679EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by multiple vulnerabilities (CVE-2026-8646, CVE-2026-9320, CVE-2026-9071)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling and a denial of service. This affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1,...

9.1CVSS5.9AI score0.00338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS6.6AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS6.6AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago3 views

Security Bulletin: Multiple Vulnerabilities in urllib3 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include urllib3. It is susceptible to SSRF, high CPU usage and massive memory allocation vulnerabilities CVE-2025-50181, CVE-2025-66418, CVE-2025-66471,CVE-2026-21441 Vulnerability Details...

8.9CVSS6.8AI score0.02667EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35661