← Browse

Ibm

117 CVEs
CVE IDSeverityProduct / summaryPublished
CVE-2026-10109 CRITICAL 9.8 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to imprope… 2026-06-30 CVE-2026-10129 HIGH 8.5 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerabi… 2026-06-30 CVE-2026-10134 CRITICAL 10 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process… 2026-06-30 CVE-2026-10140 CRITICAL 9.6 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of … 2026-06-30 CVE-2026-10546 HIGH 7.1 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL co… 2026-06-30 CVE-2026-10560 HIGH 8.2 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_t… 2026-06-30 CVE-2026-10564 HIGH 8.2 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderCompon… 2026-06-30 CVE-2026-11541 HIGH 7.4 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through … 2026-06-30 CVE-2026-11546 HIGH 7.1 Websphere Application Server Liberty — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forg… 2026-06-30 CVE-2026-11594 HIGH 8.5 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin… 2026-06-30 CVE-2026-11595 MEDIUM 4.3 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information fr… 2026-06-30 CVE-2026-11708 CRITICAL 9.3 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin… 2026-06-30 CVE-2026-11712 CRITICAL 9.3 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin… 2026-06-30 CVE-2026-11714 HIGH 8.5 Websphere Application Server Liberty — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forg… 2026-06-30 CVE-2026-11806 HIGH 7.2 Websphere Application Server Liberty — IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vul… 2026-06-30 CVE-2026-11906 MEDIUM 6.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Ser… 2026-06-30 CVE-2026-12084 MEDIUM 5.4 Ucd Ibm Devops Deploy — IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (C… 2026-06-30 CVE-2026-12085 MEDIUM 6.5 Ucd Ibm Urbancode Deploy — IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.13, 8.1 … 2026-06-30 CVE-2026-12086 MEDIUM 6.2 Ucd Ibm Urbancode Deploy — IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 through 7.3.2.18 and IBM UCD - IBM DevOps Deploy … 2026-06-30 CVE-2026-13449 HIGH 7.6 Business Automation Manager Open Editions — IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity inje… 2026-06-30 CVE-2026-13759 HIGH 7.5 Websphere Extreme Scale — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStr… 2026-06-30 CVE-2026-13772 HIGH 7.5 Websphere Extreme Scale — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied… 2026-06-30 CVE-2026-13773 MEDIUM 6 Websphere Extreme Scale — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 Approximately 50 generated CORBA stub classes in WebSphere… 2026-06-30 CVE-2026-3602 MEDIUM 4.7 App Connect Enterprise — IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 and IBM Integration Bus … 2026-06-30 CVE-2026-7663 CRITICAL 9.1 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project res… 2026-06-30 CVE-2026-7803 CRITICAL 9.8 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow … 2026-06-30 CVE-2026-7871 CRITICAL 9.8 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full appli… 2026-06-30 CVE-2026-7873 CRITICAL 9.9 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read… 2026-06-30 CVE-2026-7874 CRITICAL 9.1 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use… 2026-06-30 CVE-2026-9002 MEDIUM 6.5 Websphere Extreme Scale — IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of serv… 2026-06-30 CVE-2026-9836 LOW 3.5 Infosphere Information Server — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerabi… 2026-06-30 CVE-2025-12530 MEDIUM 5.9 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that cou… 2026-06-30 CVE-2025-36319 MEDIUM 4.3 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporar… 2026-06-30 CVE-2025-36320 MEDIUM 6.4 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vu… 2026-06-30 CVE-2025-36321 MEDIUM 5.7 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker co… 2026-06-30 CVE-2025-36323 MEDIUM 5.4 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerabi… 2026-06-30 CVE-2025-36324 MEDIUM 4.3 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). T… 2026-06-30 CVE-2025-36327 MEDIUM 6.5 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security … 2026-06-30 CVE-2025-36328 MEDIUM 4.3 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive inf… 2026-06-30 CVE-2025-36333 MEDIUM 4.3 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthor… 2026-06-30 CVE-2025-36336 MEDIUM 5.9 Watsonx.Data Intelligence — IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an atta… 2026-06-30 CVE-2025-36359 HIGH 8.1 Devops Automation — IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which c… 2026-06-30 CVE-2025-36372 MEDIUM 5.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Ser… 2026-06-30 CVE-2026-10561 CRITICAL 10 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution com… 2026-06-22 CVE-2026-10845 HIGH 7.3 Websphere Application Server — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain u… 2026-06-22 CVE-2026-10852 MEDIUM 5.9 I — IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of serv… 2026-06-22 CVE-2026-11372 MEDIUM 5.4 Tririga Application Platform — IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability… 2026-06-22 CVE-2026-12628 CRITICAL 9.1 Storage Protect Client — IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 throug… 2026-06-22 CVE-2026-7253 MEDIUM 5.3 Ibm Watson Speech Services Cartridge — IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gate… 2026-06-22 CVE-2026-7664 CRITICAL 9.8 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project res… 2026-06-22 CVE-2026-8059 MEDIUM 6.1 Datacap — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-s… 2026-06-22 CVE-2026-8636 MEDIUM 5.5 Datacap — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to re… 2026-06-22 CVE-2026-8646 HIGH 7.4 Websphere Application Server — IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 2… 2026-06-22 CVE-2026-8858 HIGH 7.5 I — IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code ex… 2026-06-22 CVE-2026-9006 HIGH 7.4 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Aja… 2026-06-22 CVE-2026-9071 HIGH 7.5 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through … 2026-06-22 CVE-2026-9072 HIGH 8.1 I — IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Managem… 2026-06-22 CVE-2026-9320 MEDIUM 5.9 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through … 2026-06-22 CVE-2026-9610 LOW 2.3 Datacap — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or fun… 2026-06-22 CVE-2025-2669 MEDIUM 6 Db2 On Cloud Pak For Data And Db2 Warehouse On Cloud Pak For Data — IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could a… 2026-06-22 CVE-2025-33128 MEDIUM 5.4 Engineering Workflow Management — IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 i… 2026-06-22 CVE-2026-4870 HIGH 7.5 Qiskit Sdk — IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denia… 2026-06-12 CVE-2026-3341 MEDIUM 5.4 Langflow Desktop — IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). Thi… 2026-06-11 CVE-2026-4096 MEDIUM 6.5 Devops Plan — IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of i… 2026-06-11 CVE-2026-7787 HIGH 7.5 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information… 2026-06-11 CVE-2026-7870 HIGH 8.8 I — IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call… 2026-06-11 CVE-2026-7770 HIGH 8.8 I Access Family — IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code … 2026-06-01 CVE-2026-8644 CRITICAL 9.1 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. 2026-06-01 CVE-2026-9311 CRITICAL 9 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of s… 2026-06-01 CVE-2026-9319 CRITICAL 9 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserial… 2026-06-01 CVE-2026-9330 HIGH 8.5 Websphere Application Server — IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data duri… 2026-06-01 CVE-2026-1248 MEDIUM 4.3 Business Automation Workflow Containers And Traditional — IBM Business Automation Workflow containers and traditional may leak information about its database structure … 2026-05-27 CVE-2026-1718 HIGH 7.1 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially… 2026-05-27 CVE-2026-2607 MEDIUM 5.1 Mq Operator — IBM MQ Operator SC2: v3.2.0 through 3.2.23CD:  v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.… 2026-05-27 CVE-2026-3366 HIGH 7.5 Infosphere Optim Test Data Fabrication — IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5,… 2026-05-27 CVE-2026-3623 HIGH 7.8 Netezza Performance Server Replication Services — IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privil… 2026-05-27 CVE-2026-3676 MEDIUM 6.5 Cloud Apm, Base Private — IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Window… 2026-05-27 CVE-2026-4410 MEDIUM 4.8 Websphere Application Server Liberty — IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0,… 2026-05-27 CVE-2026-5065 HIGH 8.8 Controller — IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or crypt… 2026-05-27 CVE-2026-5515 MEDIUM 5.5 App Connect Enterprise — IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files tha… 2026-05-27 CVE-2026-5516 MEDIUM 4.4 Websphere Application Server Liberty — IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty… 2026-05-27 CVE-2026-6051 MEDIUM 5.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a… 2026-05-27 CVE-2026-6052 MEDIUM 6.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing… 2026-05-27 CVE-2026-6053 MEDIUM 5.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially… 2026-05-27 CVE-2026-6936 MEDIUM 6.5 I — IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the I… 2026-05-27 CVE-2026-6938 MEDIUM 6.5 Db2 — IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage … 2026-05-27 CVE-2026-7254 MEDIUM 5.3 Openbmc — IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network … 2026-05-27 CVE-2026-7365 HIGH 8.4 Operations Analytics Log Analysis — IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords de… 2026-05-27 CVE-2026-7524 CRITICAL 9.8 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic … 2026-05-27 CVE-2026-7528 HIGH 7.1 Langflow Oss — IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. 2026-05-27 CVE-2026-7876 CRITICAL 9.1 Aspera Hsts For Cp4i — IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfe… 2026-05-27 CVE-2026-8175 CRITICAL 9.8 Aspera High Speed Transfer Endpoint — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv… 2026-05-27 CVE-2026-8179 HIGH 8.8 Aspera High Speed Transfer Endpoint — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv… 2026-05-27 CVE-2026-8180 HIGH 7.5 Aspera High Speed Transfer Endpoint — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv… 2026-05-27 CVE-2026-8405 MEDIUM 6.5 Guardium Data Protection — IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term… 2026-05-27 CVE-2026-9035 MEDIUM 6.5 Aspera High Speed Transfer Endpoint — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Serv… 2026-05-27 CVE-2025-3633 MEDIUM 5.4 Cognos Analytics — IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are … 2026-05-27 CVE-2026-3603 HIGH 7.1 Engineering Lifecycle Management — IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 th… 2026-05-26 CVE-2026-3660 CRITICAL 9.8 Engineering Lifecycle Management — IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to… 2026-05-26 CVE-2026-4051 HIGH 7.2 Engineering Lifecycle Management — IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privi… 2026-05-26 CVE-2026-8620 HIGH 7.5 Web Server Plug Ins For Websphere Application Server And Websphere Liberty — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Applicat… 2026-05-26 CVE-2026-8633 CRITICAL 9.8 Web Server Plug Ins For Websphere Application Server And Websphere Liberty — IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Applicat… 2026-05-26 CVE-2026-8834 HIGH 8 Http Server — IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the… 2026-05-26 CVE-2026-8835 HIGH 7.3 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to… 2026-05-26 CVE-2026-8850 HIGH 7.5 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. 2026-05-26 CVE-2026-8852 MEDIUM 6.2 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. 2026-05-26 CVE-2026-8854 HIGH 7.5 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. 2026-05-26 CVE-2026-8855 HIGH 8.1 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations wi… 2026-05-26 CVE-2026-8856 HIGH 7.7 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write … 2026-05-26 CVE-2026-9170 CRITICAL 9.8 Http Server — IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to i… 2026-05-26 CVE-2025-13755 MEDIUM 5.5 Db2 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Ser… 2026-05-26 CVE-2025-14290 MEDIUM 5.4 Webmethods Integration (On Prem) Integration Server — IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core… 2026-05-26 CVE-2025-36126 MEDIUM 6.4 Cognos Analytics — IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerabl… 2026-05-26 CVE-2025-36145 MEDIUM 5.4 Watsonx.Data — IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections w… 2026-05-26 CVE-2025-36148 MEDIUM 5.4 Financial Transaction Manager For Swift Services For Multiplatforms — IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial… 2026-05-26 CVE-2025-36220 MEDIUM 4.3 Cloud Pak For Data System Cyclops — IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vul… 2026-05-26 CVE-2025-36221 MEDIUM 5.3 Cloud Pak For Data System Cyclops — IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses d… 2026-05-26