ibm

8,286 tracked vulnerabilities.

CVE-2026-9074 CRITICAL
IBM API Connect SQL Injection
Jul 08, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-3144 HIGH
IBM API Connect Default Credentials
Jul 08, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-11541 HIGH
IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
Jun 30, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-11594 HIGH
IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
Jun 30, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-9836 LOW
IBM DataStage Flow Designer application is affected by an information disclosure vulnerability
Jun 30, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-9002 MEDIUM
IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-7874 CRITICAL
IBM Langflow OSS - Weak Cryptographic Key Derivation Exposed All Stored Credentials
Jun 30, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-7873 CRITICAL
IBM Langflow OSS 1.0.0-1.10.0 - Authenticated OS Command Execution
Jun 30, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-7871 CRITICAL
IBM Langflow OSS - Insecure Deserialization in Redis Cache Backend
Jun 30, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-7803 CRITICAL
IBM Langflow OSS - Flow Validation Bypass via Empty Component Type Field
Jun 30, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-7663 CRITICAL
IBM Langflow OSS 1.0.0-1.9.6 - Unauthenticated MCP Authorization Bypass
Jun 30, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-3602 MEDIUM
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection
Jun 30, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-13773 MEDIUM
IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
Jun 30, 2026
CVSS 6.0
EPSS 0.03
CVE-2026-13772 HIGH
IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
Jun 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-13759 HIGH
IBM WebSphere eXtreme Scale is affected by Insecure Deserilization
Jun 30, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-13449 HIGH
XXE attack in IBM Business Automation Manager Open Editions
Jun 30, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-12086 MEDIUM
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information into Log File Vulnerability
Jun 30, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-12085 MEDIUM
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-12084 MEDIUM
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains
Jun 30, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-11906 MEDIUM
Db2 11.5.9 and 12.1.4 - Denial of Service
Jun 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-11806 HIGH
IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability
Jun 30, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-11714 HIGH
IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability
Jun 30, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-11712 CRITICAL
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability
Jun 30, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-11708 CRITICAL
IBM WebSphere Application Server is affected by a cross-site scripting vulnerability
Jun 30, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-11595 MEDIUM
IBM WebSphere Application Server is affected by a Path Traversal vulnerability
Jun 30, 2026
CVSS 4.3
EPSS 0.00