Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-43186 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 5.3 Medium
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
CVE-2024-51477 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 4.3 Medium
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
CVE-2024-7577 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 4.4 Medium
IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
CVE-2024-55895 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 2.7 Low
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2025-0154 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
CVE-2024-56474 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 4.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVE-2024-56476 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.3 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.
CVE-2024-56475 2 Ibm, Linux 3 Aix, Txseries For Multiplatforms, Linux Kernel 2025-09-01 5.4 Medium
IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-25023 1 Ibm 1 Security Guardium 2025-09-01 4.9 Medium
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment.
CVE-2024-51461 1 Ibm 1 Qradar Wincollect 2025-09-01 4.3 Medium
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.
CVE-2024-49825 1 Ibm 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak 2025-09-01 6.3 Medium
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
CVE-2024-49808 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions.
CVE-2024-45651 3 Ibm, Linux, Microsoft 4 Aix, Sterling Connect Direct Web Services, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.
CVE-2025-2987 1 Ibm 1 Maximo Asset Management 2025-09-01 3.8 Low
IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2025-27907 5 Hp, Ibm, Linux and 2 more 8 Hp-ux, Aix, I and 5 more 2025-09-01 4.1 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-22351 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-09-01 6.3 Medium
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2025-3218 1 Ibm 1 I 2025-09-01 5.4 Medium
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.
CVE-2025-1993 1 Ibm 3 App Connect Enterprise Certified Container, App Connect Enterprise Certified Containers Operands, App Connect Operator 2025-08-31 5.1 Medium
IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.
CVE-2025-6992 2025-08-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6633 1 Fortra 1 Filecatalyst Workflow 2025-08-29 9.8 Critical
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However, users who have not configured FileCatalyst Workflow to use an alternative database per recommendations are vulnerable to attack from any source that can reach the HSQLDB.