7.1
CVE-2025-36258 - IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
4.8
CVE-2026-2485 - IBM InfoSphere Information Server Cross-Site Scripting
IBM Infosphere Information ServerΒ 11.7.0.0 throughΒ 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusβ¦
4.3
CVE-2026-33249 - NATS: Message tracing can be redirected to arbitrary subject
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject, inclβ¦
5.7
CVE-2025-14974 - IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
6.4
CVE-2026-33223 - NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages wasβ¦
4.3
CVE-2026-1262 - IBM InfoSphere Information Server Information Disclosure
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
4.2
CVE-2026-33248 - NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be cβ¦
6.7
CVE-2025-14917 - IBM WebSphere Application Server Liberty could provide weaker than expected security
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
5.4
CVE-2025-14912 - IBM InfoSphere Information Server is vulnerable to server-side request forgery
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
6.5
CVE-2025-14915 - IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.