Search Results (8373 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-36105 1 Ibm 1 Planning Analytics Advanced Certified Containers 2026-05-06 4.4 Medium
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.
CVE-2026-6389 1 Ibm 1 Turbonomic Prometurbo Agent 2026-05-05 8.8 High
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.
CVE-2026-6542 2 Ibm, Langflow 2 Langflow Oss, Langflow 2026-05-04 6.5 Medium
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
CVE-2026-2311 1 Ibm 1 I 2026-05-01 6.4 Medium
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-14688 1 Ibm 1 Db2 2026-05-01 5.3 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.
CVE-2025-36122 1 Ibm 1 Db2 2026-05-01 6.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.
CVE-2026-1352 1 Ibm 1 Db2 2026-04-27 6.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2026-1272 1 Ibm 1 Guardium Data Protection 2026-04-24 2.7 Low
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.
CVE-2026-1274 1 Ibm 1 Guardium Data Protection 2026-04-24 4.9 Medium
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
CVE-2026-4917 1 Ibm 1 Guardium Data Protection 2026-04-24 4.9 Medium
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVE-2026-4918 1 Ibm 1 Guardium Data Protection 2026-04-24 5.5 Medium
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2026-4919 1 Ibm 1 Guardium Data Protection 2026-04-24 4.8 Medium
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2006-6637 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
CVE-2007-3676 1 Ibm 1 Db2 2026-04-23 N/A
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CVE-2006-6607 1 Ibm 1 Tivoli Identity Manager 2026-04-23 N/A
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods.
CVE-2007-1944 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
CVE-2006-6636 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
CVE-2010-0274 1 Ibm 2 Lotus Domino, Lotus Inotes 2026-04-23 N/A
Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5.
CVE-2010-0275 1 Ibm 2 Lotus Domino, Lotus Inotes 2026-04-23 N/A
Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle script commands in the status-alerts URL, which has unspecified impact and attack vectors, aka SPR LSHR7TBM58.
CVE-2010-0276 1 Ibm 3 Domino Web Access, Lotus Domino, Lotus Inotes 2026-04-23 N/A
IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus iNotes anyway" link from the page that reports use of an unsupported browser, which has unspecified impact and attack vectors, aka SPR LSHR7TBMQU.