Filtered by vendor Ibm
Total: 8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14290 | 1 Ibm | 1 Webmethods Integration Server | 2026-06-01 | N/A | 5.4 MEDIUM |
| IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-36126 | 1 Ibm | 2 Cognos Analytics, Cognos Transformer | 2026-06-01 | N/A | 6.4 MEDIUM |
| IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 are vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-36145 | 1 Ibm | 1 Watsonx.data | 2026-06-01 | N/A | 5.4 MEDIUM |
| IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | |||||
| CVE-2025-36148 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2026-06-01 | N/A | 5.4 MEDIUM |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2026-4410 | 1 Ibm | 1 Websphere Application Server | 2026-06-01 | N/A | 4.8 MEDIUM |
| IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | |||||
| CVE-2026-7876 | 1 Ibm | 1 Aspera High-speed Transfer Server For Cloud Pak For Integration | 2026-05-29 | N/A | 9.1 CRITICAL |
| IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 | |||||
| CVE-2026-3660 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-05-29 | N/A | 9.8 CRITICAL |
| IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application. | |||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2026-05-28 | 4.3 MEDIUM | 3.4 LOW |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
| CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2026-05-28 | 2.1 LOW | 4.0 MEDIUM |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
| CVE-2026-1248 | 1 Ibm | 1 Business Automation Workflow | 2026-05-28 | N/A | 4.3 MEDIUM |
| IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | |||||
| CVE-2026-6051 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-28 | N/A | 5.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | |||||
| CVE-2026-6052 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-28 | N/A | 6.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | |||||
| CVE-2026-6053 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-28 | N/A | 5.5 MEDIUM |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | |||||
| CVE-2026-6936 | 1 Ibm | 1 I | 2026-05-28 | N/A | 6.5 MEDIUM |
| IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. | |||||
| CVE-2026-6938 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2026-05-28 | N/A | 6.5 MEDIUM |
| IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | |||||
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more | 2026-05-28 | 5.0 MEDIUM | 3.7 LOW |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | |||||
| CVE-2026-9170 | 1 Ibm | 1 Http Server | 2026-05-27 | N/A | 9.8 CRITICAL |
| IBM HTTP Server 8.5, and 9.0 | |||||
| CVE-2015-1916 | 1 Ibm | 1 Java | 2026-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. | |||||
| CVE-2026-8633 | 1 Ibm | 1 Websphere Application Server | 2026-05-27 | N/A | 9.8 CRITICAL |
| IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | |||||
| CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2026-05-27 | 4.3 MEDIUM | 3.7 LOW |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
