CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2026-10562
Medium

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences, which when processed by the embedded web server may cause the device to respond with HTTP 3xx redirects to attacker-controlled external domains.

CVE-2025-36359
High

The vulnerability in IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration. This allows an authenticated user to impersonate another user on the system.

CVE-2025-36336
Medium

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 transmit data in clear text, allowing an attacker to obtain sensitive information using man-in-the-middle techniques.

CVE-2025-36333
Medium

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows an authenticated user to perform unauthorized actions due to improper enforcement of behavioral workflow.

CVE-2025-36328
Medium

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows a remote attacker to obtain sensitive information through detailed error messages returned in the browser. This information could be used in further attacks against the system.

CVE-2025-36327
Medium

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security.

CVE-2025-36324
Medium

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to server-side request forgery (SSRF). An authenticated attacker can send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2025-36323
Medium

Cross-site scripting vulnerability in IBM watsonx.data intelligence allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

CVE-2025-36321
Medium

IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 are vulnerable to HTML injection. A remote attacker can inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVE-2025-36320
Medium

Stored cross-site scripting vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. Allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially leading to credential disclosure within a trusted session.

CVE-2025-36319
Medium

A vulnerability in IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0 allows an authenticated user to cause a temporary denial of service via a specially crafted HTTP request. The issue stems from improper allocation of resource throttling.

CVE-2025-12530
Medium

IBM watsonx.data intelligence versions 5.2.2, 5.3.0, 5.3.1, and 5.3.1 through patch-1 transmit data in clear text. This allows an attacker to obtain sensitive information using man-in-the-middle techniques.

CVE-2026-9836
Low

IBM InfoSphere Information Server versions 11.7.0.0 through 11.7.1.6 are affected by an information disclosure vulnerability. An attacker could exploit this flaw to gain access to sensitive data.

CVE-2026-9002
Medium

IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 contain a denial-of-service vulnerability due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may lead to a StackOverflowError or OutOfMemoryError.

CVE-2026-7874
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability that could disclose all stored credentials. The issue is due to the use of a weak and reversible key derivation mechanism for encryption at rest.

CVE-2026-7873
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials. This leads to complete system compromise and enables lateral movement.

CVE-2026-7871
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing users with Redis access to execute arbitrary code with full application privileges. This compromises all secrets, data, and system integrity.

CVE-2026-7803
Critical

IBM Langflow OSS versions 1.0.0 through 1.10.0 contain a vulnerability allowing remote arbitrary code execution. The issue stems from improper validation of flow nodes with missing or empty component type fields.

CVE-2026-7663
Critical

IBM Langflow OSS versions 1.0.0 through 1.9.6 contain a vulnerability due to improper authorization enforcement in the Streamable MCP transport endpoint. This allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.

CVE-2026-3602
Medium

IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, as well as IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.

PreviousPage 260 of 4714Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS