Lucene search
K

35778 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 9:27 p.m.4 views

Security Bulletin: Multiple Vulnerabilities in IBM Operator for PostgreSQL

Summary Multiple vulnerabilities were addressed in IBM Operator for PostgreSQL version v28.3.3. Vulnerability Details CVEID:CVE-2026-45447 DESCRIPTION: Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact...

8.8CVSS7.8AI score0.02719EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:38 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and...

9.8CVSS6.6AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:28 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Spring Boot

Summary Multiple vulnerabilities in Spring Boot that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when...

9.8CVSS7.3AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.4 views

Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...

9.6CVSS5.8AI score0.00201EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:23 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.4.0 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerab...

8.7CVSS7.3AI score0.00663EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:37 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks

Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...

7.5CVSS5.8AI score0.00623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:29 p.m.8 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Denial of Service (Dos) attacks, and Incorrect Authorization attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41850 DESCRIPTION: Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By...

7.5CVSS5.9AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:27 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Spring Security vulnerability that could allow Redirection to Untrusted Sites and Denial of Service (Dos) attacks

Summary IBM Terracotta uses Spring Security as an application security framework within the product. Vulnerability Details CVEID:CVE-2026-40988 DESCRIPTION: An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a...

7.5CVSS5.8AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:25 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Spring Security vulnerability that could allow Redirection to Untrusted Sites

Summary IBM Terracotta uses Spring Security as an application security framework within the product. CVE-2026-41706 Vulnerability Details CVEID:CVE-2026-41706 DESCRIPTION: Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cooki...

6.1CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:23 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Cross-site Scripting attacks, Denial of Service (DoS) attacks, and Server-Side Request Forgery attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41839 DESCRIPTION: A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack...

7.1CVSS5.7AI score0.00247EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:21 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Information Disclosure, Denial of Service (Dos) attacks, and Path Traversal attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41841 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring...

7.5CVSS5.8AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:9 p.m.3 views

Security Bulletin: IBM Terracotta is affected by multiple Spring Framework vulnerabilities that could allow exploiting WebSocket sessions and cross-site scripting

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41838 DESCRIPTION: IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination...

7.5CVSS5.5AI score0.00197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...

9.8CVSS6.5AI score0.0178EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.3 views

Security Bulletin: Vulnerabilities in jackson-core and UUID might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jackson-core and UUID. Vulnerabilities include jackson-core will throw a StreamConstraintsException if the limit is reached, vulnerable to a Denial of Service DoS attack and making unexpected writes when...

8.7CVSS5.8AI score0.00634EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...

8.2CVSS7.3AI score0.01594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:2 p.m.7 views

Security Bulletin: Vulnerabilities in Moment-Timezone and Node.js might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Moment-Timezone and Node.js. Vulnerabilities include an attacker could exploit this vulnerability to execute arbitrary commands on the system and an attacker could exploit this vulnerability to launch a...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:58 p.m.3 views

Security Bulletin:IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)

Summary Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser an...

9.9CVSS6.6AI score0.01815EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:53 p.m.3 views

Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...

9.8CVSS7.7AI score0.01735EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 3:16 p.m.6 views

Security Bulletin: Multiple vulnerabilities impacts AIX due to cURL libcurl (CVE-2025-14819, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-5545)

Summary Multiple vulnerabilities in the curl/libcurl are related to TLS certificate validation logic and unauthorized actions. Vulnerability Details CVEID:CVE-2025-14819 DESCRIPTION: When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN optio...

5.3CVSS6.1AI score0.00679EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 2:50 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect IBM® Db2® Big SQL on IBM Software Hub.

Summary Multiple vulnerabilities have been addressed in IBM® Db2® Big SQL on IBM Software Hub. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...

9.8CVSS7.5AI score0.01735EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 12:10 p.m.7 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. Following IBM Engineering Lifecycle Management products a...

9.8CVSS5.8AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 12:9 p.m.7 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Following IBM Engineering...

9.8CVSS5.8AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 12:6 p.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management products may be affected by a privilege escalation vulnerability due to restConnector feature in WebSphere Application Server Liberty (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM...

7.2CVSS5.8AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:58 a.m.8 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.3.0.0, 6.2.4.4, and 6.2.3.6. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression i...

8.7CVSS6.2AI score0.02448EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:54 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736

Summary IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws is an open source...

7.5CVSS5.8AI score0.00745EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:31 a.m.9 views

Security Bulletin: Due to use of IBM Storage Scale , IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp wi...

7.5CVSS6.8AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:22 a.m.7 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-11541, CVE-2026-11536, CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...

9.8CVSS6.3AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:6 a.m.17 views

Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...

10CVSS7.9AI score0.38701EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 9:25 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Cloud Pak System [CVE-2024-56339. CVE-2023-50314]

Summary Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

7.5CVSS6.8AI score0.004EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 9:15 a.m.6 views

Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]

Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...

5CVSS6.5AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:52 a.m.4 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2026-34282,CVE-2026-22016,CVE-2026-23865,CVE-2026-22021,CVE-2026-22013,CVE-2026-22018,CVE-2026-22008,CVE-2026-34268,CVE-2026-22007,CVE-2026-6918)

Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

8.7CVSS7.4AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:2 a.m.4 views

Security Bulletin: There is a vulnerability in idna-3.13-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-45409)

Summary There is a vulnerability in idna-3.13-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-45409 DESCRIPTION: Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domai...

6.9CVSS5.7AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:1 a.m.3 views

Security Bulletin: There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-44431)

Summary There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followe...

8.9CVSS5.8AI score0.0068EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:15 a.m.4 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.12.0 Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandl...

9.1CVSS6.5AI score0.00969EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:8 a.m.3 views

Security Bulletin: Vulnerabilities in cryptography, pyOpenSSL & golang affect IBM Storage Protect Plus

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in pyOpenSSL & cryptography. IBM Storage Protect Plus Guest Applications is affected by vulnerabilities in golang Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a...

9.8CVSS5.9AI score0.02593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:48 a.m.3 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-5516 DESCRIPTION: IBM WebSphere Application Server - Liberty 22.0.0.11...

7.5CVSS5.8AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 8:15 p.m.9 views

Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]

Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...

8.8CVSS6.9AI score0.01548EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:40 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System

Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacke...

8.1CVSS6.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:37 p.m.7 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow a Regular Expression Denial of Service (ReDoS) attack

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41848 DESCRIPTION: Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then...

7.5CVSS5.8AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:25 p.m.12 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

7.5CVSS6AI score0.00384EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:16 p.m.16 views

Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...

7.5CVSS6AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:2 p.m.4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...

9.1CVSS6AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 6:37 p.m.7 views

Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus

Summary IBM Storage Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Netty, Picomatch . Vulnerabilities include stack-based buffer overflow, improper encoding or escaping of output, deserialization of untrusted data, improper restriction of operations within the bounds of a memo...

9.1CVSS7.3AI score0.0504EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 6:13 p.m.9 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186

Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...

9.1CVSS5.9AI score0.01557EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:53 p.m.3 views

Security Bulletin: IBM MQ Appliance is affected by a Linux kernel vulnerability (CVE-2024-41073)

Summary IBM MQ appliance has addressed a Linux kernel vulnerability. Vulnerability Details CVEID:CVE-2024-41073 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fai...

7.8CVSS5.6AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:53 p.m.4 views

Security Bulletin: IBM MQ Appliance appliance is affected by multiple Java vulnerabilities

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability...

8.7CVSS6.1AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:40 p.m.3 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler...

10CVSS6AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:33 p.m.3 views

Security Bulletin: Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS

Summary Langflow OSS contains unauthenticated access vulnerability in /api/v1/buildpublictmp/ router endpoints allowing arbitrary jobid access without authentication or authorization checks. Two endpoints affected: 1 GET /buildpublictmp/jobid/events chat.py:758 streams live build events for any...

9.1CVSS6.1AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 4:30 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.2.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

9.8CVSS6.6AI score0.01339EPSS
Exploits4Affected Software1
Total number of security vulnerabilities35778