
CVE-2024-51475 – IBM Content Navigator HTML injection
https://notcve.org/view.php?id=CVE-2024-51475
16 May 2025 — IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. • https://www.ibm.com/support/pages/node/7233695 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-1138 – IBM Information Server information disclosure
https://notcve.org/view.php?id=CVE-2025-1138
15 May 2025 — IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. • https://www.ibm.com/support/pages/node/7230295 • CWE-548: Exposure of Information Through Directory Listing •

CVE-2025-3440 – IBM Security Guardium cross-site scripting
https://notcve.org/view.php?id=CVE-2025-3440
15 May 2025 — IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7233600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-33104 – CWE-79
https://notcve.org/view.php?id=CVE-2025-33104
14 May 2025 — IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7233438 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2900 – IBM Semeru Runtime denial of service
https://notcve.org/view.php?id=CVE-2025-2900
14 May 2025 — IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation. • https://www.ibm.com/support/pages/node/7233415 • CWE-122: Heap-based Buffer Overflow •

CVE-2025-3632 – IBM 4769 Developers Toolkit denial of service
https://notcve.org/view.php?id=CVE-2025-3632
12 May 2025 — IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size. • https://www.ibm.com/support/pages/node/7233139 • CWE-789: Memory Allocation with Excessive Size Value •

CVE-2025-1137 – IBM Storage Scale command injection
https://notcve.org/view.php?id=CVE-2025-1137
10 May 2025 — IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. • https://www.ibm.com/support/pages/node/7233085 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-1993 – IBM App Connect Enterprise Certified Container information disclosure
https://notcve.org/view.php?id=CVE-2025-1993
09 May 2025 — IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. • https://www.ibm.com/support/pages/node/7233054 • CWE-521: Weak Password Requirements •

CVE-2025-1331 – IBM CICS TX code execution
https://notcve.org/view.php?id=CVE-2025-1331
08 May 2025 — IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function. • https://www.ibm.com/support/pages/node/7232923 • CWE-242: Use of Inherently Dangerous Function •

CVE-2025-1330 – IBM CICS TX code execution
https://notcve.org/view.php?id=CVE-2025-1330
08 May 2025 — IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function. • https://www.ibm.com/support/pages/node/7232923 • CWE-787: Out-of-bounds Write •