Filtered by vendor Ibm
Subscriptions
Total
8109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14689 | 1 Ibm | 1 Db2 | 2026-02-18 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. | ||||
| CVE-2025-36247 | 1 Ibm | 1 Db2 | 2026-02-18 | 7.1 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2025-36425 | 1 Ibm | 1 Db2 | 2026-02-18 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration. | ||||
| CVE-2025-33089 | 1 Ibm | 1 Concert | 2026-02-18 | 6.5 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials. | ||||
| CVE-2025-33101 | 1 Ibm | 1 Concert | 2026-02-18 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory. | ||||
| CVE-2025-36243 | 1 Ibm | 1 Concert | 2026-02-18 | 5.4 Medium |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | ||||
| CVE-2025-12755 | 1 Ibm | 2 Mq Advanced, Mq Operator | 2026-02-18 | 4 Medium |
| IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues. | ||||
| CVE-2025-36058 | 1 Ibm | 2 Business Automation Workflow, Business Automation Workflow Containers | 2026-02-17 | 5.5 Medium |
| IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information in a config map. | ||||
| CVE-2025-36059 | 1 Ibm | 2 Business Automation Workflow, Business Automation Workflow Containers | 2026-02-17 | 4.7 Medium |
| IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls. | ||||
| CVE-2025-1823 | 1 Ibm | 1 Jazz Reporting Service | 2026-02-12 | 3.5 Low |
| IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources. | ||||
| CVE-2025-13096 | 1 Ibm | 1 Business Automation Workflow | 2026-02-12 | 7.1 High |
| IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2025-36009 | 1 Ibm | 1 Db2 | 2026-02-11 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. | ||||
| CVE-2025-36424 | 1 Ibm | 1 Db2 | 2026-02-11 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2025-36427 | 1 Ibm | 1 Db2 | 2026-02-11 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. | ||||
| CVE-2025-15395 | 1 Ibm | 1 Jazz Foundation | 2026-02-11 | 4.3 Medium |
| IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability. | ||||
| CVE-2025-36253 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-11 | 5.9 Medium |
| IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | ||||
| CVE-2025-33081 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-11 | 3.3 Low |
| IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2025-36407 | 1 Ibm | 1 Db2 | 2026-02-10 | 6.5 Medium |
| IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | ||||
| CVE-2025-13375 | 1 Ibm | 1 Common Cryptographic Architecture | 2026-02-06 | 9.8 Critical |
| IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | ||||
| CVE-2024-51451 | 1 Ibm | 1 Concert | 2026-02-05 | 6.5 Medium |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. | ||||