6.2
CVE-2025-64646 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
5.1
CVE-2025-36440 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
7.3
CVE-2026-4822 - Enter Software Iperius Backup Backup Service temp file
A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only po…
5.1
CVE-2025-36438 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
4.3
CVE-2025-36422 - IBM InfoSphere Information Server is vulnerable to cross-site request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
7.1
CVE-2025-36258 - IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
4.8
CVE-2026-2485 - IBM InfoSphere Information Server Cross-Site Scripting
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus…
4.3
CVE-2026-33249 - NATS: Message tracing can be redirected to arbitrary subject
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject, incl…
5.7
CVE-2025-14974 - IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
6.4
CVE-2026-33223 - NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was…