CVE-2026-10852
- EPSS 0.27%
- Veröffentlicht 22.06.2026 19:32:28
- Zuletzt bearbeitet 09.07.2026 21:16:54
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server.
CVE-2026-9072
- EPSS 0.38%
- Veröffentlicht 22.06.2026 14:21:35
- Zuletzt bearbeitet 09.07.2026 21:16:56
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can b...
CVE-2026-8858
- EPSS 0.25%
- Veröffentlicht 22.06.2026 14:16:39
- Zuletzt bearbeitet 09.07.2026 21:16:56
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonat...
CVE-2026-7870
- EPSS 0.34%
- Veröffentlicht 11.06.2026 14:34:34
- Zuletzt bearbeitet 16.06.2026 15:00:29
IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2026-6936
- EPSS 0.24%
- Veröffentlicht 27.05.2026 13:10:46
- Zuletzt bearbeitet 28.05.2026 15:46:09
IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted sou...
CVE-2026-2311
- EPSS 0.2%
- Veröffentlicht 30.04.2026 21:45:08
- Zuletzt bearbeitet 01.05.2026 19:33:39
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2026-1376
- EPSS 0.52%
- Veröffentlicht 17.03.2026 21:53:44
- Zuletzt bearbeitet 19.03.2026 14:40:00
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
CVE-2025-36371
- EPSS 0.24%
- Veröffentlicht 19.11.2025 19:45:31
- Zuletzt bearbeitet 24.11.2025 14:57:26
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view.
CVE-2025-36367
- EPSS 0.29%
- Veröffentlicht 01.11.2025 12:15:35
- Zuletzt bearbeitet 05.11.2025 19:03:58
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating s...
CVE-2025-36119
- EPSS 0.19%
- Veröffentlicht 08.08.2025 14:25:40
- Zuletzt bearbeitet 15.08.2025 18:15:27
IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges coul...