Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts....

7.5CVSS6.4AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:23 a.m.17 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-2148 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this...

7.5CVSS4AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:23 a.m.35 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in grpc-js-1.7.3.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in grpc-js-1.7.3.tgz Vulnerability Details CVEID:CVE-2024-37168 DESCRIPTION: @grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9,...

5.3CVSS6.7AI score0.00671EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:13 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in urllib3-2.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3...

6.1CVSS6.2AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:13 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an...

8.2CVSS6.4AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:13 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz Vulnerability Details CVEID:CVE-2024-34342 DESCRIPTION: react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with...

7.1CVSS6.3AI score0.01064EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:13 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pdfjs-dist-2.4.456.tgz Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js...

8.8CVSS8.7AI score0.72648EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:12 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion-1.1.11.tgz Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

3.1CVSS3.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:9 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in requests-2.32.2-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in requests-2.32.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc...

5.3CVSS6.1AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:8 a.m.22 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...

8.7CVSS6.2AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:8 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in...

7.5CVSS5.4AI score0.00507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:7 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in llama_index-0.12.29-py3-none-any.whl CVE-2025-1793

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in llamaindex-0.12.29-py3-none-any.whl CVE-2025-1793 Vulnerability Details CVEID:CVE-2025-1793 DESCRIPTION: Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection...

9.8CVSS9.9AI score0.00581EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:6 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools-70.3.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in setuptools-70.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python package...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in dompurify-3.2.5.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in dompurify-3.2.5.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current...

7.5CVSS5.8AI score0.00394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.17 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource...

7.5CVSS8.2AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.15 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in flask-3.1.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-47278 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In Flask 3.1.0, the way fallback key...

1.8CVSS6.1AI score0.00153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.17 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this...

4.8CVSS3.3AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:2 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-3000 DESCRIPTION: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function...

7.5CVSS3.1AI score0.004EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:0 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx109universal2.whl Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fa...

6.3CVSS7AI score0.02357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 10:59 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable-2.1.0.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable-2.1.0.tgz Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for...

3.1CVSS6.4AI score0.00357EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 10:57 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers...

6.5CVSS4.6AI score0.00384EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 10:36 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jinja2-3.1.5-py3-none-any.whl

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jinja2-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment...

8.8CVSS7.8AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 10:32 a.m.29 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in h11-0.14.0-py3-none-any.whl CVE-2025-43859 Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of...

9.1CVSS7.5AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 10:6 a.m.6 views

Security Bulletin: IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability (CVE-2025-10725)

Summary IBM Cloud Red Hat Openshift AI Addon is affected by a security vulnerability in the Red Hat Openshift AI operator. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full...

9.9CVSS6.7AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 5:19 a.m.6 views

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product dependency with BA client code.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734. : using the "commons-beanutils-1.8.3.jar" can allow the attacker can get control on the declared class property of Java enum objects to get access to the classloader...

8.8CVSS6.8AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 10:25 p.m.9 views

Security Bulletin: Local File Inclusion (LFI) vulnerability in IBM Content Navigator

Summary A Local File Inclusion LFI vulnerability has been identified in IBM Content Navigator ICN, where an authenticated attacker can exploit an HTTPS request URL in a way that it will return content of any file from the server where ICN is running. Vulnerability Details CVEID:CVE-2025-27906...

5.3CVSS6.3AI score0.00279EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 8:1 p.m.2 views

Security Bulletin: Security Vulnerabilities in Java libraries affect IBM Voice Gateway

Summary Multiple vulnerabilities were addressed in IBM Voice Gateway Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In...

7.5CVSS6.5AI score0.02164EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 6:31 p.m.9 views

Security Bulletin:IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

7.5CVSS8.2AI score0.01094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 6:17 p.m.3 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK ( CVE-2025-30761 & CVE-2025-30754 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Access Control and Deserialization of Untrusted Data due to IBM Java SDK. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition...

5.9CVSS7AI score0.00551EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 6:4 p.m.8 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2016-5725) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE,...

5.9CVSS6.8AI score0.24143EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 6:2 p.m.6 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36047) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by...

7.5CVSS6.9AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 5:59 p.m.5 views

Security Bulletin: Vulnerability in Apache Commons Lang (CVE-2025-48924) affects IBM PowerVM Novalink.

Summary Apache Commons Lang is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting...

5.3CVSS8.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 5:56 p.m.7 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2024-56339) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow ...

7.5CVSS8.9AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 5:54 p.m.11 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36000) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Thi...

4.8CVSS6.1AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 5:52 p.m.10 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-36124) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

7.5CVSS6.6AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 2:44 p.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.305 Vulnerability Details CVEID:CVE-2025-0913 DESCRIPTION: os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix...

9.8CVSS7.2AI score0.01735EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 10:58 a.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-8885], [CVE-2025-8916]

Summary Bouncycastle bcprov is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the reported...

6.3CVSS6.3AI score0.00505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 9:21 a.m.4 views

Security Bulletin:IBM Event Streams is vulnerable to Remote Code Execution and Server-Side Request Forgery (CVE-2025-27818, CVE-2025-27817)

Summary IBM Event Streams is vulnerable to remote code execution via unsafe deserialization in Kafka Connect configurations, and another enabling server-side request forgery and arbitrary file read through misconfigured OAuthBearer endpoints in Kafka Clients. Vulnerability Details...

8.8CVSS7.9AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 6:11 a.m.12 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console. (CVE-2023-51775, CVE-2023-23916, CVE-2025-27363, CVE-2024-38819, CVE-2024-45801, CVE-2024-47176, CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, CVE-2024-29857)

Summary curl, libcurl, jose4j-0.9.3, spring-webmvc-6.0.14, bcprov-jdk18on-1.74, path-to-regexp-1.8.0, spring-web-6.0.11, dompurify-2.2.7 the following dependency packages are being used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerabilit...

8.6CVSS7.3AI score0.76959EPSS
Exploits25Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/21 12:44 a.m.7 views

Security Bulletin: IBM Fusion HCI is vulnerable to potential container escapes

Summary An OpenShift or Fusion administrator, or potentially an attacker who gains access to a certain Storage Fusion containers, can gain access to underlying node linux capabilities, increasing the possibility of a container escape such as CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-018...

8.4CVSS6.6AI score0.25151EPSS
Exploits11Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 10:1 p.m.9 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

9.1CVSS6.5AI score0.01437EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 10:0 p.m.6 views

Security Bulletin: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Polution (CVE-2025-7783)

Summary A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Polution . form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

9.4CVSS6.8AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 8:6 p.m.8 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. These vulnerabilities have been addressed in the update. Vulnerability Details CVEID:CVE-2025-30153 DESCRIPTION: kin-openapi is a Go project for handling OpenAPI...

7.5CVSS6.2AI score0.00856EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 2:34 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM DataPower OS kernel resulting in Denial of Service

Summary The following kernel issues may result in an unexpected device reload. Vulnerability Details CVEID:CVE-2024-42292 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: kobjectuevent: Fix OOB access within zapmodaliasenv zapmodaliasenv wrongly calculates size of...

7.1CVSS5.8AI score0.00809EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 2:31 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service.

Summary The CVE may result in headers being modified in internal NodeJS traffic which could lead to a denial of service. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 ma...

3.4CVSS6.5AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/20 2:19 p.m.5 views

Security Bulletin: Vulnerability in Apache Batik library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2022-40146)

Summary Apache Batik library is used by Tivoli Netcool/OMNIbus WebGUI as part of Gauges and Map viewing component. Vulnerability Details CVEID:CVE-2022-40146 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar...

7.5CVSS6.7AI score0.05791EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/17 4:10 p.m.10 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: A...

8.8CVSS8.3AI score0.02617EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/17 3:8 p.m.55 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-11168 DESCRIPTION: The urllib.parse.urlsplit and urlparse functions improperl...

8.8CVSS7.8AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/17 3:7 p.m.10 views

Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. User Entity Behavior Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java...

7.5CVSS8.5AI score0.03754EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/17 2:43 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios which is vulnerable to this CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2...

7.5CVSS6.6AI score0.01099EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608