4.3
CVE-2023-38005 - Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affec…
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls.
6.1
CVE-2025-33135 - IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulne…
IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to e…
7.4
CVE-2025-33088 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.
3.8
CVE-2025-36183 - Privileged User File Upload Vulnerability Leading to Limited Server-Side Execution affects watsonx.…
IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data.
8.5
CVE-2026-2627 - Softland FBackup Backup/Restore HID.dll link following
A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Restore. The manipulation results in link following. The attack needs to be approached locally. The e…
4.9
CVE-2025-36348 - The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Informa…
IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1 may expose sensitive information to a remote privileged attack…
5.3
CVE-2026-2623 - Blossom File Upload BLOSManager.java put path traversal
A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path traversal. The attack may be initiated remotely. …
6.5
CVE-2026-23598 - Unauthenticated Information Disclosure in application API allows sensitive system information expos…
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well …
6.5
CVE-2026-23597 - Unauthenticated Information Disclosure in application API allows sensitive system information expos…
Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well …
6.5
CVE-2026-23596 - Unauthenticated Improper Access Control in management API allows unauthorized service disruption
A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt services and negatively impact system availability.