Ibm

IBM Aspera High-Speed Transfer Endpoint and Server 3.7.4 through 4.4.7 Fix Pack 1 are vulnerable to a buffer overflow in the asperahttpd component, potentially allowing an authenticated user to execute arbitrary code.

IBM Langflow OSS versions 1.0.0 through 1.9.0 are vulnerable to a denial-of-service (DoS) attack due to uncontrolled resource consumption as tracked by CVE-2026-7528.

IBM Controller versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 are vulnerable to hard-coded credentials (CVE-2026-5065), potentially allowing unauthorized access and control of the application.

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 is vulnerable to CVE-2024-56462, enabling a privileged user to upload a malicious backup archive that, upon restoration, leads to unauthorized access to the underlying operating system.

IBM Engineering Lifecycle Management 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted, potentially leading to complete system compromise.

IBM Engineering Lifecycle Management versions 7.0.3 through Interim Fix 021, 7.1.0 through Interim Fix 009, and 7.2.0 through Interim Fix 001 are vulnerable to an unauthenticated remote attacker who can update server property files, leading to unauthorized access to the application.

IBM HTTP Server 8.5 and 9.0 is vulnerable to a denial of service (DoS) in configurations where an attacker possesses write access to server configuration files, as tracked by CVE-2026-8856.

IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations utilizing TLS mutual authentication (client authentication).

A remote, anonymous attacker can exploit a vulnerability in IBM Semeru Runtime and IBM DB2 to execute arbitrary program code.

CVE-2026-1343 allows an attacker to contact internal authentication endpoints protected by the Reverse Proxy in IBM Verify Identity Access Container and IBM Security Verify Access Container.

A locally authenticated user can escalate privileges to root on vulnerable IBM Verify Identity Access Container and IBM Security Verify Access Container installations due to the execution of processes with unnecessary privileges, as tracked by CVE-2026-1346.

A remote, anonymous attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to cause a denial-of-service condition or bypass security measures, enabling cross-site scripting attacks.

An anonymous remote attacker can exploit multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus to achieve arbitrary code execution, information disclosure, file manipulation, or denial of service.