Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 CVE-2026-56415

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56415

Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A ...

Stonefly Storage Concentrator CVE
CRITICAL 10 CVE-2026-56413

OS Command Injection in StoneFly Storage Concentrator_CVE-2026-56413

Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default...

StoneFly Storage Concentrator CVE
CRITICAL 9.2 CVE-2026-55721

SQL Injection in StoneFly Storage Concentrator_CVE-2026-55721

Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie va...

StoneFly Storage Concentrator CVE
MEDIUM 6.3 CVE-2026-55223

c3p0 exposes a deserialization “sink” via JDBC DataSource bean properties_CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for des...

swaldman c3p0 < 0.14.0 CVE
CRITICAL 9.3 CVE-2026-50110

Use of Hard-coded Credentials in StoneFly Storage Concentrator_CVE-2026-50110

Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the cred...

StoneFly Storage Concentrator CVE
LOW 3.5 CVE-2026-9836

IBM DataStage Flow Designer application is affected by an information disclosure vulnerability_CVE-2026-9836

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.

IBM InfoSphere Information Server 11.7.0.0 CVE
MEDIUM 6.5 CVE-2026-9002

IBM WebSphere eXtremes Scale is affected by uncontrolled resource consumption when XDF is enabled_CVE-2026-9002

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the...

IBM WebSphere Extreme Scale 8.6.1.0 CVE
CRITICAL 9.1 CVE-2026-7874

Weak Cryptographic Key Derivation Exposed All Stored Credentials_CVE-2026-7874

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivat...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.9 CVE-2026-7873

Code Injection Vulnerability in Code Validation Endpoint_CVE-2026-7873

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credential...

IBM Langflow OSS 1.0.0 CVE
CRITICAL 9.8 CVE-2026-7871

Insecure Deserialization in Redis Cache Backend_CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all s...

IBM Langflow OSS 1.0.0 CVE