35778 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Operator for PostgreSQL
Summary Multiple vulnerabilities were addressed in IBM Operator for PostgreSQL version v28.3.3. Vulnerability Details CVEID:CVE-2026-45447 DESCRIPTION: Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Spring Boot
Summary Multiple vulnerabilities in Spring Boot that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when...
Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem
Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...
Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D
Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.4.0 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerab...
Security Bulletin: IBM Terracotta is affected by a Micrometer vulnerability that could allow Denial of Service (Dos) attacks
Summary IBM Terracotta uses Micrometer, a popular Java library used in Spring applications, for application monitoring within the product. Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a...
Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Denial of Service (Dos) attacks, and Incorrect Authorization attacks
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41850 DESCRIPTION: Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By...
Security Bulletin: IBM Terracotta is affected by a Spring Security vulnerability that could allow Redirection to Untrusted Sites and Denial of Service (Dos) attacks
Summary IBM Terracotta uses Spring Security as an application security framework within the product. Vulnerability Details CVEID:CVE-2026-40988 DESCRIPTION: An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a...
Security Bulletin: IBM Terracotta is affected by a Spring Security vulnerability that could allow Redirection to Untrusted Sites
Summary IBM Terracotta uses Spring Security as an application security framework within the product. CVE-2026-41706 Vulnerability Details CVEID:CVE-2026-41706 DESCRIPTION: Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cooki...
Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Cross-site Scripting attacks, Denial of Service (DoS) attacks, and Server-Side Request Forgery attacks
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41839 DESCRIPTION: A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack...
Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Information Disclosure, Denial of Service (Dos) attacks, and Path Traversal attacks
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41841 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring...
Security Bulletin: IBM Terracotta is affected by multiple Spring Framework vulnerabilities that could allow exploiting WebSocket sessions and cross-site scripting
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41838 DESCRIPTION: IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination...
Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...
Security Bulletin: Vulnerabilities in jackson-core and UUID might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jackson-core and UUID. Vulnerabilities include jackson-core will throw a StreamConstraintsException if the limit is reached, vulnerable to a Denial of Service DoS attack and making unexpected writes when...
Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...
Security Bulletin: Vulnerabilities in Moment-Timezone and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Moment-Timezone and Node.js. Vulnerabilities include an attacker could exploit this vulnerability to execute arbitrary commands on the system and an attacker could exploit this vulnerability to launch a...
Security Bulletin:IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)
Summary Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser an...
Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...
Security Bulletin: Multiple vulnerabilities impacts AIX due to cURL libcurl (CVE-2025-14819, CVE-2026-1965, CVE-2026-3783, CVE-2026-3784, CVE-2026-5545)
Summary Multiple vulnerabilities in the curl/libcurl are related to TLS certificate validation logic and unauthorized actions. Vulnerability Details CVEID:CVE-2025-14819 DESCRIPTION: When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN optio...
Security Bulletin: Multiple vulnerabilities affect IBM® Db2® Big SQL on IBM Software Hub.
Summary Multiple vulnerabilities have been addressed in IBM® Db2® Big SQL on IBM Software Hub. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...
Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. Following IBM Engineering Lifecycle Management products a...
Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)
Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Following IBM Engineering...
Security Bulletin: IBM Engineering Lifecycle Management products may be affected by a privilege escalation vulnerability due to restConnector feature in WebSphere Application Server Liberty (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager.
Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.3.0.0, 6.2.4.4, and 6.2.3.6. Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression i...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736
Summary IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws is an open source...
Security Bulletin: Due to use of IBM Storage Scale , IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp wi...
Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-11541, CVE-2026-11536, CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about multiple vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in...
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Cloud Pak System [CVE-2024-56339. CVE-2023-50314]
Summary Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...
Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]
Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2026-34282,CVE-2026-22016,CVE-2026-23865,CVE-2026-22021,CVE-2026-22013,CVE-2026-22018,CVE-2026-22008,CVE-2026-34268,CVE-2026-22007,CVE-2026-6918)
Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Security Bulletin: There is a vulnerability in idna-3.13-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-45409)
Summary There is a vulnerability in idna-3.13-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-45409 DESCRIPTION: Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domai...
Security Bulletin: There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-44431)
Summary There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followe...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.12.0 Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandl...
Security Bulletin: Vulnerabilities in cryptography, pyOpenSSL & golang affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in pyOpenSSL & cryptography. IBM Storage Protect Plus Guest Applications is affected by vulnerabilities in golang Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-5516 DESCRIPTION: IBM WebSphere Application Server - Liberty 22.0.0.11...
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System
Summary Multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacke...
Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow a Regular Expression Denial of Service (ReDoS) attack
Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41848 DESCRIPTION: Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...
Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...
Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus
Summary IBM Storage Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Netty, Picomatch . Vulnerabilities include stack-based buffer overflow, improper encoding or escaping of output, deserialization of untrusted data, improper restriction of operations within the bounds of a memo...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186
Summary google.golang.org/grpc-v1.56.3 used by fabric-operations-console Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...
Security Bulletin: IBM MQ Appliance is affected by a Linux kernel vulnerability (CVE-2024-41073)
Summary IBM MQ appliance has addressed a Linux kernel vulnerability. Vulnerability Details CVEID:CVE-2024-41073 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fai...
Security Bulletin: IBM MQ Appliance appliance is affected by multiple Java vulnerabilities
Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler...
Security Bulletin: Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS
Summary Langflow OSS contains unauthenticated access vulnerability in /api/v1/buildpublictmp/ router endpoints allowing arbitrary jobid access without authentication or authorization checks. Two endpoints affected: 1 GET /buildpublictmp/jobid/events chat.py:758 streams live build events for any...
Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...
Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench
Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.2.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...