Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20470
Total
1466
Critical
6212
High
6509
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2025-36328 | MEDIUM | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in … | Jun 30, 2026 |
| CVE-2025-36327 | MEDIUM | 6.5 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of … | Jun 30, 2026 |
| CVE-2025-36324 | MEDIUM | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from … | Jun 30, 2026 |
| CVE-2025-36323 | MEDIUM | 5.4 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the … | Jun 30, 2026 |
| CVE-2025-36321 | MEDIUM | 5.7 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be … | Jun 30, 2026 |
| CVE-2025-36320 | MEDIUM | 6.4 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in … | Jun 30, 2026 |
| CVE-2025-36319 | MEDIUM | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to … | Jun 30, 2026 |
| CVE-2025-12530 | MEDIUM | 5.9 | IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man … | Jun 30, 2026 |
| CVE-2026-9836 | LOW | 3.5 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | Jun 30, 2026 |
| CVE-2026-9002 | MEDIUM | 6.5 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF … | Jun 30, 2026 |
| CVE-2026-7874 | CRITICAL | 9.1 | IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation … | Jun 30, 2026 |
| CVE-2026-7873 | CRITICAL | 9.9 | IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and … | Jun 30, 2026 |
| CVE-2026-7871 | CRITICAL | 9.8 | IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system … | Jun 30, 2026 |
| CVE-2026-7803 | CRITICAL | 9.8 | IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields. | Jun 30, 2026 |
| CVE-2026-7663 | CRITICAL | 9.1 | IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement … | Jun 30, 2026 |
| CVE-2026-3602 | MEDIUM | 4.7 | IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. … | Jun 30, 2026 |
| CVE-2026-13773 | MEDIUM | 6.0 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string … | Jun 30, 2026 |
| CVE-2026-13772 | HIGH | 7.5 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list … | Jun 30, 2026 |
| CVE-2026-13759 | HIGH | 7.5 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the … | Jun 30, 2026 |
| CVE-2026-13449 | HIGH | 7.6 | IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote … | Jun 30, 2026 |
| CVE-2026-12086 | MEDIUM | 6.2 | IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through … | Jun 30, 2026 |
| CVE-2026-12085 | MEDIUM | 6.5 | IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through … | Jun 30, 2026 |
| CVE-2026-12084 | MEDIUM | 5.4 | IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry … | Jun 30, 2026 |
| CVE-2026-11906 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause … | Jun 30, 2026 |
| CVE-2026-11806 | HIGH | 7.2 | IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. | Jun 30, 2026 |