Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.6 CVE-2026-13449

XXE attack in IBM Business Automation Manager Open Editions_CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XM...

IBM Business Automation Manager Open Editions 9.0.0 CVE
HIGH 7.2 CVE-2026-11806

IBM WebSphere Application Server Liberty is affected by a an arbitrary file read vulnerability_CVE-2026-11806

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0...

IBM WebSphere Application Server - Liberty 17.0.0.3 CVE
HIGH 8.5 CVE-2026-11714

IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability_CVE-2026-11714

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the apiDiscove...

IBM WebSphere Application Server - Liberty 17.0.0.3 CVE
HIGH 7.1 CVE-2026-11546

IBM WebSphere Application Server Liberty is affected by a server-side request forgery vulnerability_CVE-2026-11546

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the adminCente...

IBM WebSphere Application Server - Liberty 17.0.0.3 CVE
HIGH 8.2 CVE-2026-10564

SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection_CVE-2026-10564

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component i...

IBM Langflow OSS 1.0.0 CVE
HIGH 8.2 CVE-2026-10560

Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS_CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_tmp/ endpoints that allows an unauthen...

IBM Langflow OSS 1.0.0 CVE
HIGH 7.1 CVE-2026-10546

DNS Rebinding TOCTOU Bypass of SSRF Protection in Langflow OSS URL Component_CVE-2026-10546

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL component ( src/lfx/src/lfx/components/...

IBM Langflow OSS 1.0.0 CVE
HIGH 8.5 CVE-2026-10129

SSRF via HTTP Redirect Following in Langflow API Request Component_CVE-2026-10129

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An...

IBM Langflow OSS 1.0.0-1.9.3 CVE
HIGH 8.7 CVE-2026-44628

OFFIS DCMTK Toolkit Type Confusion_CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directo...

OFFIS DICOM DCMTK Toolkit CVE
HIGH 8.7 CVE-2026-13207

Frangoteam FUXA SCADA/HMI Authentication Bypass by Spoofing_CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fai...

Frangoteam FUXA SCADA/HMI 1.3.1 CVE