๐จ CVE-2026-11714
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
๐@cveNotify
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscovery-1.0 feature enabled.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability (CVE-2026-11714)
IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled.
๐จ CVE-2026-11806
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
๐@cveNotify
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability (CVE-2026-11806)
IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
๐จ CVE-2026-11906
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
๐@cveNotify
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
๐@cveNotify
Ibm
Security Bulletin: IBMยฎ Db2ยฎ federated server is vulnerable to a denial of service due to improper neutralization of special elementsโฆ
IBMยฎ Db2ยฎ federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user.
๐จ CVE-2026-12084
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
๐@cveNotify
IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.
๐@cveNotify
Ibm
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy withโฆ
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. CVEโฆ
๐จ CVE-2026-12085
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
๐@cveNotify
IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 IBM DevOps Deploy could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system.
๐@cveNotify
Ibm
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Intoโฆ
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. CVE-2026-12085.
๐จ CVE-2026-12086
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
๐@cveNotify
IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 stores potentially sensitive information in log files that could be read by a local user.
๐@cveNotify
Ibm
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Insertion of Sensitive Information intoโฆ
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) installer potentially logs sensitive information in a way that could be read by a local user. CVE-2026-12086.
๐จ CVE-2026-13449
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
๐@cveNotify
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
๐@cveNotify
Ibm
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0
๐จ CVE-2026-13772
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries
๐@cveNotify
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied class names via Class.forName() and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remote attacker who can influence an application-built OQL query string can execute arbitrary constructors on the WAS JVM, and a SELECT DISTINCT variant using planted grid values fires the same gadget post-readObject in a manner that survives JEP-290 serialization filters across grid node boundaries
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
IBM WebSphere eXtremes Scale's OQL is affected by remote code execution (CVE-2026-13772)
๐จ CVE-2026-13773
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM.
๐@cveNotify
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host; when chained with the IBM ORB's getUserException class-instantiation flaw (WAS-26), this SSRF escalates to remote code execution on the calling JVM.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
IBM WebSphere eXtremes Scale is affected by server side request forgery when ORB is used as Transport Protocol (CVE-2026-13773)
๐จ CVE-2026-3602
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
๐@cveNotify
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
๐@cveNotify
Ibm
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection (CVE-2026โฆ
IBM App Connect Enterprise and IBM Integration Bus for z/OS toolkit is vulnerable to an sql injection.
๐จ CVE-2026-7663
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
๐@cveNotify
IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint.
๐@cveNotify
Ibm
Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
An improper authorization vulnerability in Streamable MCP transport endpoint (/api/v1/mcp/project/{project_id}/streamable) allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol (MCP) operations against OAuthโฆ
๐จ CVE-2026-7803
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
๐@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields.
๐@cveNotify
Ibm
Security Bulletin: Flow Validation Bypass via Empty Component Type Field
A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type valueโฆ
๐จ CVE-2026-7871
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
๐@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity.
๐@cveNotify
Ibm
Security Bulletin: Insecure Deserialization in Redis Cache Backend
A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads() to deserialize cached values without integrity verificationโฆ
๐จ CVE-2026-7873
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
๐@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement.
๐@cveNotify
Ibm
Security Bulletin: Code Injection Vulnerability in Code Validation Endpoint
A code injection vulnerability was identified in the code validation endpoint that allowed authenticated users to execute arbitrary code on the server. The vulnerability existed in the validation logic which compiled and executed function definitions to checkโฆ
๐จ CVE-2026-7874
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
๐@cveNotify
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest.
๐@cveNotify
Ibm
Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials
A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRET_KEY to derive Fernetโฆ
๐จ CVE-2026-9002
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
๐@cveNotify
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM.
๐@cveNotify
Ibm
Security Bulletin: IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled
IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled (CVE-2026-9002)
๐จ CVE-2026-9836
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
๐@cveNotify
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
๐@cveNotify
Ibm
Security Bulletin: IBM DataStage Flow Designer application is affected by an information disclosure vulnerability (CVE-2026-9836)
An information disclosure vulnerability was addressed in IBM DataStage Flow Designer .
๐จ CVE-2025-12530
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
๐@cveNotify
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
๐@cveNotify
Ibm
Security Bulletin: Vulnerabilities found in Watson Data Intelligence
Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3.
๐จ CVE-2025-36319
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
๐@cveNotify
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.
๐@cveNotify
Ibm
Security Bulletin: Vulnerabilities found in Watson Data Intelligence
Multiple vulnerabilities were addressed in Watson Data Intelligence version 5.3.1.
๐จ CVE-2025-36320
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
๐@cveNotify
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
๐@cveNotify
Ibm
Security Bulletin: Vulnerabilities found in Watson Data Intelligence
Multiple vulnerabilities were addressed in Watson Data Intelligence version 5.3.1.
๐จ CVE-2025-36321
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
๐@cveNotify
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
๐@cveNotify
Ibm
Security Bulletin: Vulnerabilities found in Watson Data Intelligence
Multiple vulnerabilities were addressed in Watson Data Intelligence version 5.3.1.