6.3
CVE-2025-14810 - IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expirationโฆ
4.9
CVE-2026-33222 - NATS JetStream has an authorization bypass through its Management API
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them. Versioโฆ
5.4
CVE-2026-1561 - IBM WebSphere Application Server Liberty Server-Side Request Forgery
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitatingโฆ
3.1
CVE-2025-14808 - IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
6.5
CVE-2025-14790 - IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.
6.2
CVE-2025-12708 - Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user.
7.4
CVE-2026-33247 - NATS credentials are exposed in monitoring port via command-line argv
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv (the command-line), then those credentials are visible to any user who can see the โฆ
5.3
CVE-2026-33219 - NATS is vulnerable to pre-auth DoS through WebSockets client service
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a correspoโฆ
7.5
CVE-2026-33218 - NATS has pre-auth server panic via leafnode handling
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a โฆ
6.4
CVE-2026-33246 - NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NATโฆ