Export limit exceeded: 361890 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-10 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2025-36105 | 1 Ibm | 1 Planning Analytics Advanced Certified Containers | 2026-05-06 | 4.4 Medium |
| IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | ||||
| CVE-2026-6389 | 1 Ibm | 1 Turbonomic Prometurbo Agent | 2026-05-05 | 8.8 High |
| IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise. | ||||
| CVE-2026-6542 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-05-04 | 6.5 Medium |
| IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow. | ||||
| CVE-2026-2311 | 1 Ibm | 1 I | 2026-05-01 | 6.4 Medium |
| IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||
| CVE-2025-14688 | 1 Ibm | 1 Db2 | 2026-05-01 | 5.3 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | ||||
| CVE-2025-36122 | 1 Ibm | 1 Db2 | 2026-05-01 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. | ||||
| CVE-2026-1352 | 1 Ibm | 1 Db2 | 2026-04-27 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2026-1274 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.9 Medium |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel. | ||||
| CVE-2026-1272 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 2.7 Low |
| IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | ||||
| CVE-2026-4917 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.9 Medium |
| IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system. | ||||
| CVE-2026-4918 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 5.5 Medium |
| IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-4919 | 1 Ibm | 1 Guardium Data Protection | 2026-04-24 | 4.8 Medium |
| IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2026-04-23 | N/A |
| Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | ||||
| CVE-2009-3088 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2026-04-23 | N/A |
| Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0869 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager Hsm, Windows | 2026-04-23 | N/A |
| Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2008-4404 | 1 Ibm | 1 Zseries | 2026-04-23 | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | ||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | ||||
| CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | ||||
| CVE-2009-1178 | 1 Ibm | 1 Tivoli Storage Manager | 2026-04-23 | N/A |
| Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line." | ||||