4.2
CVE-2026-33248 - NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be cβ¦
6.7
CVE-2025-14917 - IBM WebSphere Application Server Liberty could provide weaker than expected security
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
5.4
CVE-2025-14912 - IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
6.5
CVE-2025-14915 - IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
6.3
CVE-2025-14810 - IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirationβ¦
4.9
CVE-2026-33222 - NATS JetStream has an authorization bypass through its Management API
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Versioβ¦
5.4
CVE-2026-1561 - IBM WebSphere Application Server Liberty Server-Side Request Forgery
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitatingβ¦
3.1
CVE-2025-14808 - IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
6.5
CVE-2025-14790 - IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.
6.2
CVE-2025-12708 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.