Filtered by vendor Ibm
Subscriptions
Total
8294 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-10 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2025-36105 | 1 Ibm | 1 Planning Analytics Advanced Certified Containers | 2026-05-06 | 4.4 Medium |
| IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | ||||
| CVE-2026-6389 | 1 Ibm | 1 Turbonomic Prometurbo Agent | 2026-05-05 | 8.8 High |
| IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise. | ||||
| CVE-2026-6542 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-05-04 | 6.5 Medium |
| IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow. | ||||
| CVE-2026-2311 | 1 Ibm | 1 I | 2026-05-01 | 6.4 Medium |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-14688 | 1 Ibm | 1 Db2 | 2026-05-01 | 5.3 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | ||||
| CVE-2025-36122 | 1 Ibm | 1 Db2 | 2026-05-01 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. | ||||
| CVE-2026-1352 | 1 Ibm | 1 Db2 | 2026-04-27 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2026-4917 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.9 Medium |
| IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system. | ||||
| CVE-2026-1272 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 2.7 Low |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | ||||
| CVE-2026-4919 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.8 Medium |
| IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-4918 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 5.5 Medium |
| IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-1274 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.9 Medium |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | ||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2026-04-23 | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | ||||
| CVE-2007-1223 | 3 Hitachi, Ibm, Sun | 4 Hi-ux\/we2, Osas\/ft\/w, Aix and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port". | ||||
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2026-04-23 | N/A |
| IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | ||||
| CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | ||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2026-04-23 | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | ||||
| CVE-2007-4794 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter. | ||||
| CVE-2007-4795 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. | ||||