CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Jun 2025 — IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. • https://www.ibm.com/support/pages/node/7237967 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. • https://www.ibm.com/support/pages/node/7236613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Jun 2025 — IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. • https://www.ibm.com/support/pages/node/7237732 • CWE-427: Uncontrolled Search Path Element

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2025 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. • https://www.ibm.com/support/pages/node/7235496 • CWE-282: Improper Ownership Management

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2025 — IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. • https://www.ibm.com/support/pages/node/7235496 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2025 — IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. • https://www.ibm.com/support/pages/node/7237502 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2025 — IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources. • https://www.ibm.com/support/pages/node/7236999 • CWE-306: Missing Authentication for Critical Function

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2025 — IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands. • https://www.ibm.com/support/pages/node/7237317 • CWE-73: External Control of File Name or Path

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2025 — IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. • https://www.ibm.com/support/pages/node/7237317 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2025 — IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. • https://www.ibm.com/support/pages/node/7237317 • CWE-532: Insertion of Sensitive Information into Log File