5.9
CVE-2025-33101 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.
6.9
CVE-2026-2620 - Huace Monitoring and Early Warning System ProjectRole.aspx sql injection
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. Theโฆ
6.5
CVE-2025-33089 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials.
5.4
CVE-2025-36243 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
5.9
CVE-2024-43178 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
6.5
CVE-2025-36018 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 for Z hub componentย is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
7.4
CVE-2026-24734 - Apache Tomcat Native, Apache Tomcat: OCSP revocation bypass
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassโฆ
6.1
CVE-2025-36019 - Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sโฆ
6.5
CVE-2026-24733 - Apache Tomcat: Security constraint bypass with HTTP/0.9
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification iโฆ
4
CVE-2025-12755 - Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
IBM MQ Operator (SC2 v3.2.0โ3.8.1, LTS v2.0.0โ2.0.29) and IBMโsupplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.xโ9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorizeโฆ