Export limit exceeded: 366890 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9072 | 1 Ibm | 2 I, Websphere Application Server | 2026-07-09 | 8.1 High |
| IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in. | ||||
| CVE-2026-8858 | 1 Ibm | 2 I, Websphere Application Server | 2026-07-09 | 7.5 High |
| IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in. | ||||
| CVE-2026-10852 | 1 Ibm | 2 I, Websphere Application Server | 2026-07-09 | 5.9 Medium |
| IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server. | ||||
| CVE-2026-11546 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-07-01 | 7.1 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. | ||||
| CVE-2026-13772 | 1 Ibm | 1 Websphere Extreme Scale | 2026-07-01 | 7.5 High |
| IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries | ||||
| CVE-2026-11541 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-07-01 | 7.4 High |
| IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. | ||||
| CVE-2026-11806 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-07-01 | 7.2 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. | ||||
| CVE-2026-13759 | 1 Ibm | 1 Websphere Extreme Scale | 2026-07-01 | 7.5 High |
| IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including RemoteConstructor.readResolve and PriorityQueue/ExtractorComparator are confirmed working, allowing a post-login attacker who can write a session attribute or a LAN-adjacent attacker on the grid replication wire to execute arbitrary code on peer WAS JVMs | ||||
| CVE-2026-11714 | 1 Ibm | 1 Websphere Application Server Liberty | 2026-07-01 | 8.5 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled. | ||||
| CVE-2026-11594 | 1 Ibm | 1 Websphere Application Server | 2026-07-01 | 8.5 High |
| IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. | ||||
| CVE-2026-11708 | 1 Ibm | 1 Websphere Application Server | 2026-07-01 | 9.3 Critical |
| IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system. | ||||
| CVE-2026-11712 | 1 Ibm | 1 Websphere Application Server | 2026-07-01 | 9.3 Critical |
| IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console help system. | ||||
| CVE-2026-11595 | 1 Ibm | 1 Websphere Application Server | 2026-07-01 | 4.3 Medium |
| IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system. | ||||
| CVE-2026-9002 | 1 Ibm | 1 Websphere Extreme Scale | 2026-06-30 | 6.5 Medium |
| IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM. | ||||
| CVE-2026-13773 | 1 Ibm | 1 Websphere Extreme Scale | 2026-06-30 | 6 Medium |
| IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM. | ||||
| CVE-2026-9006 | 1 Ibm | 1 Websphere Application Server | 2026-06-23 | 7.4 High |
| IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. | ||||
| CVE-2026-9071 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-06-23 | 7.5 High |
| IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2026-10845 | 1 Ibm | 1 Websphere Application Server | 2026-06-22 | 7.3 High |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. | ||||
| CVE-2026-9320 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-06-22 | 5.9 Medium |
| IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2026-8646 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-06-22 | 7.4 High |
| IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information. | ||||