Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

aix

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

4

CISA CVEs -

0

NVD CVEs -

813
Related CVEsRelated VendorsRelated AssignersReports
813Vulnerabilities found

CVE-2026-9320
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 24.42%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:53
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9071
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.42%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:47
Updated-23 Jun, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by Uncontrolled Resource Consumption

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationApple Inc.IBM Corporation
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-9006
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.22% / 12.66%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:46
Updated-24 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server is affected by server-side request forgery

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowslinux_kerneliwebsphere_application_serverz\/osaixWebSphere Application Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-8646
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.34% / 25.95%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:44
Updated-24 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft CorporationApple Inc.
Product-windowslinux_kerneliwebsphere_application_servermacosz\/osaixWebSphere Application ServerWebSphere Application Server - Liberty
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-10845
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.34% / 25.94%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 14:43
Updated-23 Jun, 2026 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server is affected by an authentication bypass vulnerability

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowslinux_kerneliwebsphere_application_serverz\/osaixWebSphere Application Server
CWE ID-CWE-287
Improper Authentication
CVE-2026-6938
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 8.21%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:11
Updated-28 May, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query

IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kerneldb2aixDb2
CWE ID-CWE-285
Improper Authorization
CVE-2026-6053
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:10
Updated-29 May, 2026 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-6052
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.38%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:09
Updated-28 May, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-6051
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.42%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 13:07
Updated-28 May, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kerneldb2aixlinux_on_ibm_zDb2
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-8852
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.20% / 9.59%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:56
Updated-26 May, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelaixhttp_serverz\/osHTTP Server
CWE ID-CWE-617
Reachable Assertion
CVE-2026-8850
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.26%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 16:54
Updated-26 May, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelaixhttp_serverz\/osHTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-6732
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 46.25%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 22:19
Updated-30 Jun, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xsd-validated document

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable.

Action-Not Available
Vendor-Red Hat, Inc.libxml2 (XMLSoft)IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-1243
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 10.80%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 00:14
Updated-07 Apr, 2026 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Content Navigator is affected by , a Cross-Site Scripting (XSS) vulnerability

IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixcontent_navigatorwindowsContent Navigator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-13855
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.6||HIGH
EPSS-0.25% / 16.73%
||
7 Day CHG~0.00%
Published-01 Apr, 2026 | 00:23
Updated-02 Apr, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsstorage_protect_serverStorage Protect Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14807
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 12.63%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:46
Updated-26 Mar, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to HTTP header injection

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
CVE-2026-1015
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 10.79%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:41
Updated-26 Mar, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-1014
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.74%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:40
Updated-26 Mar, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-2483
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 10.97%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:39
Updated-26 Mar, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server Cross-Site Scripting

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-36422
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 3.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:26
Updated-26 Mar, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to cross-site request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-36258
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.1||HIGH
EPSS-0.15% / 5.08%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:25
Updated-26 Mar, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2026-2485
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.19% / 8.49%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:22
Updated-27 Mar, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server Cross-Site Scripting

IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-14974
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:20
Updated-28 Mar, 2026 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-1262
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 15.30%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:19
Updated-26 Mar, 2026 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server Information Disclosure

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2025-14917
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.36% / 27.78%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:13
Updated-30 Mar, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty could provide weaker than expected security

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowswebsphere_application_serveraixz\/osmacosilinux_kernelWebSphere Application Server - Liberty
CWE ID-CWE-1393
Use of Default Password
CVE-2025-14912
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 12.55%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:13
Updated-26 Mar, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to server-side request forgery

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-14915
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.43%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:12
Updated-30 Mar, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowswebsphere_application_serveraixz\/osmacosilinux_kernelWebSphere Application Server - Liberty
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-14810
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.24% / 15.29%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:11
Updated-26 Mar, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to insufficient session expiration

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2026-1561
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 20.44%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:10
Updated-30 Mar, 2026 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM WebSphere Application Server Liberty Server-Side Request Forgery

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowswebsphere_application_serveraixz\/osmacosilinux_kernelWebSphere Application Server Liberty
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-14808
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-3.1||LOW
EPSS-0.22% / 13.22%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:09
Updated-26 Mar, 2026 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2025-14790
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 10.48%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 20:06
Updated-30 Mar, 2026 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelaixwindowsinfosphere_information_serverInfoSphere Information Server
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2026-0992
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-2.9||LOW
EPSS-0.31% / 22.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via crafted xml catalogs

A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-0989
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.42% / 34.03%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2026-0990
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.76% / 51.00%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 14:20
Updated-30 Jun, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Action-Not Available
Vendor-libxml2 (XMLSoft)Red Hat, Inc.IBM Corporation
Product-libxml2hardened_imagesviosenterprise_linuxopenshift_container_platformjboss_core_servicesaixRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat JBoss Core ServicesRed Hat Hardened ImagesRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-36236
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.48% / 38.22%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 22:01
Updated-19 Nov, 2025 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIX Path Traversal

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-36250
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-10||CRITICAL
EPSS-0.66% / 47.28%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 22:01
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIX Code Execution

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIXVIOS
CWE ID-CWE-114
Process Control
CVE-2025-36096
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-0.29% / 21.41%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 22:01
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIX Insufficiently Protected Credentials

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIXVIOS
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-36251
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.53% / 41.15%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 22:01
Updated-26 Feb, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIX Command Execution

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosAIXVIOS
CWE ID-CWE-114
Process Control
CVE-2025-62230
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.27% / 18.47%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 05:19
Updated-01 Jul, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xwayland: use-after-free in xkb client resource removal

A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.IBM CorporationDebian GNU/Linux
Product-xwaylandenterprise_linux_tusx_serveraixenterprise_linux_eusviosenterprise_linux_elsenterprise_linuxdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_ausRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceXwaylandRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-416
Use After Free
CVE-2025-62231
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.28% / 20.15%
||
7 Day CHG~0.00%
Published-30 Oct, 2025 | 05:08
Updated-01 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg: xmayland: value overflow in xkbsetcompatmap()

A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.IBM CorporationDebian GNU/Linux
Product-xwaylandenterprise_linux_tusx_serveraixenterprise_linux_eusviosenterprise_linux_elsenterprise_linuxdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_ausRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSIONRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceXwaylandRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-33133
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:57
Updated-06 Nov, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33132
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:57
Updated-06 Nov, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-467
Use of sizeof() on a Pointer Type
CVE-2025-33131
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:56
Updated-06 Nov, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-aixwindowslinux_on_ibm_zlinux_kerneldb2_high_performance_unload_loadDB2 High Performance Unload
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-33126
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 23:56
Updated-05 Nov, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fixes to common vulnerabilities found in IBM Db2 High Performance Unload

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-db2_high_performance_unload_loadwindowsaixlinux_kernellinux_on_ibm_zDB2 High Performance Unload
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2025-36128
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.90%
||
7 Day CHG+0.01%
Published-16 Oct, 2025 | 16:49
Updated-28 Oct, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationIBM CorporationMicrosoft Corporation
Product-windowsaixilinux_kernelsolarismqMQ
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2025-36002
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 3.75%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 14:54
Updated-25 Oct, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator information disclosure

IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsaixlinux_kernelsterling_b2b_integratorsterling_file_gatewaySterling B2B IntegratorSterling File Gateway
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-260
Password in Configuration File
CVE-2025-2138
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 6.64%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 13:37
Updated-16 Oct, 2025 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management Doors Next data modification

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsaixengineering_requirements_management_doors_nextEngineering Requirements Management Doors Next
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2025-2139
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 6.64%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 13:35
Updated-16 Oct, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management Doors Next security bypass

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsaixengineering_requirements_management_doors_nextEngineering Requirements Management Doors Next
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2025-2140
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 13:33
Updated-16 Oct, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management Doors Next spoofing

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsaixengineering_requirements_management_doors_nextEngineering Requirements Management Doors Next
CWE ID-CWE-346
Origin Validation Error
CVE-2025-33096
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.52%
||
7 Day CHG~0.00%
Published-12 Oct, 2025 | 13:31
Updated-16 Oct, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Engineering Requirements Management Doors Next denial of service

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-linux_kernelwindowsaixengineering_requirements_management_doors_nextEngineering Requirements Management Doors Next
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-36244
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.11% / 1.71%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 14:38
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM AIX privilege escalation

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

Action-Not Available
Vendor-IBM Corporation
Product-viosaixAIXVIOS
CWE ID-CWE-454
External Initialization of Trusted Variables or Data Stores
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next