Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

35328 matches found

IBM Security Bulletins
IBM Security Bulletins•added 2026/06/11 3:0 p.m.•6 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)

Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...

6.3CVSS6.1AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/11 2:50 p.m.•3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718

Summary IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

9.9CVSS6.5AI score0.01075EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/11 12:9 p.m.•5 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IFix 1 Vulnerability Details CVEID:CVE-2025-11143 DESCRIPTION: The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of...

9.9CVSS6.6AI score0.00831EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/11 7:42 a.m.•11 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management . Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting...

7.5CVSS5.4AI score0.00827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/11 7:12 a.m.•6 views

Security Bulletin: Due to the use of Netty, IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Netty Vulnerability Details CVEID:CVE-2026-42580 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int,...

9.8CVSS5.7AI score0.00545EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 6:6 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

7.5CVSS6.6AI score0.00882EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 5:54 p.m.•5 views

Security Bulletin: IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang

Summary IBM SPSS Modeler is affected by vulnerabilities in Apache POI and Apache Commons Lang. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML...

5.3CVSS6.2AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 4:25 p.m.•6 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing affected by a race condition in Eclipse Jersey (CVE-2025-12383)

Summary A critical race condition CVE-2025-12383 has been identified in the Eclipse Jersey client library jersey-client-2.26.jar used by IBM Engineering Lifecycle Optimization - Engineering Publishing. Under high-concurrency conditions, a flaw in the HTTPS client's lazy initialization flow can...

9.4CVSS7.5AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 3:49 p.m.•5 views

Security Bulletin: Multiple security vulnerabilities have been found in IBM Security Directory Integrator

Summary Security vulnerabilities have been addressed in IBM Security Directory Integrator Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity...

8.1CVSS6.6AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 2:8 p.m.•4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867

Summary IBM Maximo Scheduler Optimizer uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867 This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time...

7.5CVSS5.5AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 12:21 p.m.•4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3...

6.1CVSS7.4AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 10:14 a.m.•18 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS5.4AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 10:11 a.m.•9 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.

Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.3AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 10:7 a.m.•8 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by an identity spoofing vulnerability

Summary The security issue described in CVE-2026-8644 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9.1CVSS5.3AI score0.00318EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 10:4 a.m.•11 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed WebSphere Application Server traditional is affected by remote code execution

Summary The security issue described in CVE-2026-9319 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

9CVSS5.3AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 10:0 a.m.•13 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is affected by remote code execution.

Summary The security issue described in CVE-2026-9330 and CVE-2026-9311 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS5.4AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 7:46 a.m.•8 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...

9.8CVSS7.4AI score0.93418EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/10 6:46 a.m.•5 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-39925, CVE-2025-39979 Vulnerability Details CVEID:CVE-2025-39925 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement...

5.5CVSS5.3AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 10:45 p.m.•32 views

Security Bulletin: IBM i is Affected by Privilege Escalation [CVE-2026-7870]

Summary IBM i is vulnerable to privilege escalation due to an unqualified library call CVE-2026-7870 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-7870 DESCRIPTION: IBM i could allow a user to gain elevated privileges due to an unqualified library call. A...

8.8CVSS5.5AI score0.00343EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 9:36 p.m.•50 views

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...

5.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:55 p.m.•19 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is affected by multiple vulnerabilities when using Web Server Plug-ins

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

5.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:44 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is...

9.8CVSS6.9AI score0.00611EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:40 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in file-type-16.5.4.tgz Vulnerability Details CVEID:CVE-2026-31808 DESCRIPTION: file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type...

5.3CVSS5.5AI score0.00325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:39 p.m.•6 views

Security Bulletin:IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.7AI score0.00421EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:30 p.m.•9 views

Security Bulletin: Multiple vulnerabilities due to libexpat have been identified in IBM HTTP Server used by IBM Rational ClearQuest

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

5.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:28 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

9.8CVSS6.8AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:26 p.m.•11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in ip-address-9.0.5.tgz Vulnerability Details CVEID:CVE-2026-42338 DESCRIPTION: ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not...

6.1CVSS5AI score0.00258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:24 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.9.tgz Vulnerability Details CVEID:CVE-2026-29786 DESCRIPTION: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory ...

8.2CVSS6.1AI score0.00276EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:22 p.m.•6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization...

6.1CVSS7.4AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:16 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28804 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which...

6.9CVSS5.3AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:13 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...

7.9CVSS6.2AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:11 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in i18next-http-backend-1.4.5.tgz Vulnerability Details CVEID:CVE-2026-41691 DESCRIPTION: Copilot said: i18nextify is a JavaScript library that adds i18nextify is a JavaScript library that adds website internationalization via a...

9.1CVSS5.4AI score0.00251EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 3:7 p.m.•6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in uuid-3.3.2.tgz Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writ...

9.3CVSS5.4AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 2:59 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...

6.9CVSS5.4AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 2:58 p.m.•7 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS5.4AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 2:57 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.14.2.tgz Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is...

6.3CVSS5.5AI score0.00351EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 2:53 p.m.•6 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2026-9311, CVE-2026-9330)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and Versions|...

9CVSS6.3AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 1:53 p.m.•9 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager due to the April 2026 Java CPU

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Application Server...

5.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 1:11 p.m.•7 views

Security Bulletin: DevOps Test Performance / Rational Performance Tester contains a vulnerability related to use of the AsyncHttpClient (AHC) library

Summary Due to use of the AsyncHttpClient AHC library, DevOps Test Performance / Rational Performance Tester, contains a potential vulnerability exposing sensitive session cookies or other credentials. CVE-2026-45300 Vulnerability Details CVEID:CVE-2026-45300 DESCRIPTION: The AsyncHttpClient AHC...

7.4CVSS5.5AI score0.00322EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 8:37 a.m.•7 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to xmldom (CVE-2026-41672, CVE-2026-41673, CVE-2026-41674 & CVE-2026-41675)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to xmldom. Vulnerability Details CVEID:CVE-2026-41672 DESCRIPTION: xmldom is a pure...

8.7CVSS5.6AI score0.00557EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 8:17 a.m.•8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Uncontrolled Recursion due to Node.js module yaml (CVE-2026-33532)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to Uncontrolled Recursion due to Node.js module yaml. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a...

4.3CVSS5.8AI score0.00469EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 8:4 a.m.•5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to FTP command injection and denial of service due to Node.js module basic-ftp ( CVE-2026-39983 & CVE-2026-41324 )

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to FTP command injection and denial of service due to Node.js module basic-ftp. Vulnerability Details CVEID:CVE-2026-399...

8.6CVSS5.6AI score0.01945EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 6:7 a.m.•8 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary IBM Cloud Pak for Data System 1.0 CPDS 1.0 includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include denial of service issues in the Linux kernel and Python components, command injection vulnerabilities in Python's imapli...

8.8CVSS7.6AI score0.01468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/09 5:21 a.m.•5 views

Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...

9.8CVSS6.1AI score0.99931EPSS
Exploits42Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 10:23 p.m.•6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...

9.8CVSS6.3AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 10:21 p.m.•5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component...

9.8CVSS6.3AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 10:3 p.m.•7 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerabilit...

9.8CVSS6.3AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 9:20 p.m.•8 views

Security Bulletin: Security Vulnerabilities have been identified in IBM WebSphere Application Server bundled with IBM Financial Transaction Manager v3

Summary IBM WebSphere Application Server is bundled with IBM Financial Transaction Manager v3. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9CVSS6.2AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 8:9 p.m.•7 views

Security Bulletin: IBM i is Affected By Various Vulnerabilities in OpenSSH [CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388]

Summary OpenSSH for IBM i is vulnerable to improper preservation of permssions when using scp CVE-2026-35385, command execution via shell metacharacters in a username CVE-2026-35386, use of unintended algorithms CVE-2026-35387, and omitting connection multiplexing confirmation CVE-2026-35388 as...

8.1CVSS5.7AI score0.00289EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins•added 2026/06/08 8:7 p.m.•10 views

Security Bulletin: IBM i is Affected By NULL Pointer Dereference, Use Afer Free, and Out-of-Bounds Write Vulnerabilities in OpenSSL [CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-28387, CVE-2026-31789]

Summary OpenSSL for IBM i is vulnerable to NULL pointer derefences when processing either a delta CRL indicator extension CVE-2026-28388 or CMS EnvelopedData message with KeyAgreeRecipientInfo CVE-2026-28389, CVE-2026-28390, and use after free when using DANE TLSA-based server authentication...

9.8CVSS8.7AI score0.00885EPSS
Exploits0Affected Software5
Total number of security vulnerabilities35328