3.1
CVE-2026-2475 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acceβ¦
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an opeβ¦
8.7
CVE-2026-34543 - OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pβ¦
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data (information disclosure). β¦
8.4
CVE-2026-34544 - OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decβ¦
4.3
CVE-2026-4820 - IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not sβ¦
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the β¦
8.4
CVE-2026-34545 - OpenEXR: integer overflow lead to OOB in HTJ2K decoder
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write controβ¦
4.1
CVE-2025-36373 - Incorrect administrative access control in IBM DataPower Gateway
IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user.
5.9
CVE-2025-13916 - Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
5.3
CVE-2026-1491 - Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Acceβ¦
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive inforβ¦
6.5
CVE-2026-34531 - Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verificβ¦
6.9
CVE-2026-34530 - File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting (XSS) via admin-controlled branding fields. An admin who β¦