CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1991 – IBM Informix Dynamic Server denial of service
https://notcve.org/view.php?id=CVE-2025-1991
28 Jun 2025 — IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. • https://www.ibm.com/support/pages/node/7238455 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52900 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2024-52900
28 Jun 2025 — IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7238163 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36027 – IBM Datacap clickjacking
https://notcve.org/view.php?id=CVE-2025-36027
28 Jun 2025 — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. • https://www.ibm.com/support/pages/node/7238443 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36026 – IBM Datacap information disclosure
https://notcve.org/view.php?id=CVE-2025-36026
28 Jun 2025 — IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. • https://www.ibm.com/support/pages/node/7238443 • CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39730 – IBM Datacap clickjacking
https://notcve.org/view.php?id=CVE-2024-39730
28 Jun 2025 — IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. • https://www.ibm.com/support/pages/node/7238443 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38007 – IBM Cloud Pak System HTML injection
https://notcve.org/view.php?id=CVE-2023-38007
27 Jun 2025 — IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7237162 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36034 – IBM InfoSphere DataStage Flow Designer information disclosure
https://notcve.org/view.php?id=CVE-2025-36034
26 Jun 2025 — IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. • https://www.ibm.com/support/pages/node/7237604 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36038 – IBM WebSphere Application Server code execution
https://notcve.org/view.php?id=CVE-2025-36038
25 Jun 2025 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. • https://www.ibm.com/support/pages/node/7237967 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0966 – IBM InfoSphere Information Server SQL injection
https://notcve.org/view.php?id=CVE-2025-0966
25 Jun 2025 — IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7236613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36004 – IBM i privilege escalation
https://notcve.org/view.php?id=CVE-2025-36004
25 Jun 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. • https://www.ibm.com/support/pages/node/7237732 • CWE-427: Uncontrolled Search Path Element •