Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 9,281 - 9,300 of 37,697 CVEs
CVE-2026-8405 MEDIUM - 6.5

IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.

Vendor: ibm
Product: guardium_data_protection
Published: May 27, 2026
Source: NVD
CVE-2026-8180 HIGH - 7.5

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause th...

Published: May 27, 2026
Source: NVD
CVE-2026-8179 HIGH - 8.8

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated ...

Published: May 27, 2026
Source: NVD
CVE-2026-8175 CRITICAL - 9.8

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a...

Published: May 27, 2026
Source: NVD
CVE-2026-7876 CRITICAL - 9.1

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19

Vendor: ibm
Product: aspera_high-speed_transfer_server_for_cloud_pak_for_integration
Published: May 27, 2026
Source: NVD
CVE-2026-7528 HIGH - 7.1

IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.

Vendor: langflow
Product: langflow
Published: May 27, 2026
Source: NVD
CVE-2026-7524 CRITICAL - 9.8

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

Vendor: langflow
Product: langflow
Published: May 27, 2026
Source: NVD
CVE-2026-7365 HIGH - 8.4

IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication.

Vendor: ibm
Product: operations_analytics_log_analysis
Published: May 27, 2026
Source: NVD
CVE-2026-7254 MEDIUM - 5.3

IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.

Vendor: ibm
Product: openbmc
Published: May 27, 2026
Source: NVD
CVE-2026-6938 MEDIUM - 6.5

IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.

Vendor: ibm
Product: db2
Published: May 27, 2026
Source: NVD
CVE-2026-6936 MEDIUM - 6.5

IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of stat...

Vendor: ibm
Product: i
Published: May 27, 2026
Source: NVD
CVE-2026-6053 MEDIUM - 5.5

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.

Vendor: ibm
Product: db2
Published: May 27, 2026
Source: NVD
CVE-2026-6052 MEDIUM - 6.5

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Vendor: ibm
Product: db2
Published: May 27, 2026
Source: NVD
CVE-2026-6051 MEDIUM - 5.5

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

Vendor: ibm
Product: db2
Published: May 27, 2026
Source: NVD
CVE-2026-5516 MEDIUM - 4.4

IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.

Vendor: ibm
Product: websphere_application_server
Published: May 27, 2026
Source: NVD
CVE-2026-5515 MEDIUM - 5.5

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.

Vendor: ibm
Product: app_connect_enterprise
Published: May 27, 2026
Source: NVD
CVE-2026-5065 HIGH - 8.8

IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Vendor: ibm
Product: controller
Published: May 27, 2026
Source: NVD
CVE-2026-4410 MEDIUM - 4.8

IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to ...

Vendor: ibm
Product: websphere_application_server
Published: May 27, 2026
Source: NVD
CVE-2026-48972 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects SeedProd Pro: from n/a before 6.19.5.

Vendor: SeedProd LLC
Product: SeedProd Pro
Published: May 27, 2026
Source: NVD
CVE-2026-48971 MEDIUM - 4.3

Missing Authorization vulnerability in WebToffee Product Import Export for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Import Export for WooCommerce: from n/a through 2.5.6.

Vendor: WebToffee
Product: Product Import Export for WooCommerce
Published: May 27, 2026
Source: NVD