ibm
8,153 tracked vulnerabilities.
CVE-2025-36365
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Authenticated Authorization Bypass via Cataloged Remote Storage Alias
Jan 30, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-36353
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via Data Query Logic
Jan 30, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-36184
HIGH
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 1...
Jan 30, 2026
CVSS 7.2
EPSS 0.00
CVE-2025-36123
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via XML Data Table Copy
Jan 30, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-36098
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Authenticated Denial of Service
Jan 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-36070
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Denial of Service via Table Selection
Jan 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-36009
MEDIUM
IBM Db2 11.5.0-11.5.8 - Authenticated Denial of Service via Global Variable Exhaustion
Jan 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-36001
MEDIUM
IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.3 - Authenticated Denial of Service via XML Recursion
Jan 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-2668
MEDIUM
IBM Db2 11.5.0-11.5.9 - Authenticated Denial of Service via Crafted Query
Jan 30, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-36419
MEDIUM
IBM ApplinX 11.1 - Sensitive Information Exposure via Server Error Messages
Jan 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-36418
HIGH
IBM ApplinX 11.1 - Privilege Escalation via JWT Token Manipulation
Jan 20, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-36411
LOW
IBM ApplinX 11.1 - Cross-Site Request Forgery
Jan 20, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-36410
LOW
IBM ApplinX 11.1 - Privilege Escalation
Jan 20, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-36409
MEDIUM
IBM ApplinX 11.1 - Authenticated Stored Cross-Site Scripting
Jan 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-36408
MEDIUM
IBM ApplinX 11.1 - Authenticated Stored Cross-Site Scripting
Jan 20, 2026
CVSS 6.4
EPSS 0.00
CVE-2025-36397
MEDIUM
IBM Application Gateway 23.10-25.09 - HTML Injection
Jan 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-36396
MEDIUM
IBM Application Gateway 23.10-25.09 - Authenticated Stored Cross-Site Scripting
Jan 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-36115
MEDIUM
IBM Sterling Connect:Express Adapter - Privilege Escalation
Jan 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-36113
MEDIUM
IBM Sterling Connect:Express Adapter 5.2.0.00-5.2.0.12 - Stored XSS
Jan 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-36066
MEDIUM
IBM Sterling Connect:Express Adapter 5.2.0.00-5.2.0.12 - Stored XSS
Jan 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-36065
MEDIUM
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00-5.2.0.12 - Insufficient Session Expiration
Jan 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-36063
MEDIUM
IBM Sterling Connect:Express Adapter 5.2.0.00-5.2.0.12 - Insufficient Session Expiration
Jan 20, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-36059
MEDIUM
IBM Business Automation Workflow <25.0.0-24.0.0 - Privilege Escalation
Jan 20, 2026
CVSS 4.7
EPSS 0.00
CVE-2025-36058
MEDIUM
IBM Business Automation Workflow <25.0.0-24.0.1 - Info Disclosure
Jan 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-33015
HIGH
IBM Concert <2.1.0 - Code Injection
Jan 20, 2026
CVSS 8.8
EPSS 0.00
Products
websphere_application_server 444
aix 393
db2 327
rational_quality_manager 202
sterling_b2b_integrator 195
infosphere_information_server 188
qradar_security_information_and_event_manager 187
maximo_asset_management 182
rational_doors_next_generation 153
rational_team_concert 142
rational_collaborative_lifecycle_management 141
rational_engineering_lifecycle_manager 141
websphere_portal 126
security_guardium 112
cognos_analytics 102
sterling_file_gateway 93
rational_rhapsody_design_manager 90
security_verify_access 90
websphere_mq 89
business_process_manager 88
lotus_domino 86
vios 85
rational_software_architect_design_manager 81
api_connect 79
lotus_notes 71
security_key_lifecycle_manager 70
db2_universal_database 66
concert 65
smartcloud_control_desk 65
urbancode_deploy 63