Search Results (882 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-8644 1 Ibm 1 Websphere Application Server 2026-06-04 9.1 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
CVE-2026-9319 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security.
CVE-2026-9311 1 Ibm 1 Websphere Application Server 2026-06-04 9 Critical
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.
CVE-2026-9330 1 Ibm 1 Websphere Application Server 2026-06-04 8.5 High
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain.
CVE-2026-8620 1 Ibm 3 Web Server Plug-ins For Websphere Application Server And Websphere Liberty, Web Server Plug Ins For Websphere Application Server And Websphere Liberty, Websphere Application Server 2026-06-02 7.5 High
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request.
CVE-2026-5516 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-02 4.4 Medium
IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window.
CVE-2026-4410 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-06-01 4.8 Medium
IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.
CVE-2026-8633 1 Ibm 2 Web Server Plug Ins For Websphere Application Server And Websphere Liberty, Websphere Application Server 2026-05-27 9.8 Critical
IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request.
CVE-2026-3621 1 Ibm 2 Websphere Application Server, Websphere Application Server Liberty 2026-05-13 7.5 High
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.
CVE-2007-3127 1 Ibm 1 Websphere Portal 2026-04-23 N/A
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
CVE-2007-1945 5 Hp, Ibm, Linux and 2 more 9 Hp-ux, Aix, I5os and 6 more 2026-04-23 N/A
Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
CVE-2007-3128 1 Ibm 1 Websphere Portal 2026-04-23 N/A
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-0120 1 Ibm 1 Websphere Datapower Xml Security Gateway Xs40 2026-04-23 N/A
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data.
CVE-2007-3263 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."
CVE-2007-3262 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.
CVE-2009-0432 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2007-1608 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.
CVE-2006-7166 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."
CVE-2007-3264 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.
CVE-2006-7164 3 Ibm, Linux, Unix 3 Websphere Application Server, Linux Kernel, Unix 2026-04-23 N/A
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.