Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-12084

IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains_CVE-2026-12084

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to...

IBM UCD - IBM DevOps Deploy 8.1.0 CVE
MEDIUM 6.5 CVE-2026-11906

IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by authenticated user_CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated use...

IBM Db2 11.5.0 CVE
MEDIUM 4.3 CVE-2026-11595

IBM WebSphere Application Server is affected by a Path Traversal vulnerability_CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integ...

IBM WebSphere Application Server 9.0 CVE
MEDIUM 5.5 CVE-2025-36372

IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables_CVE-2025-36372

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive informa...

IBM Db2 11.5.0 CVE
MEDIUM 6 CVE-2026-9132

Missing authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository contents via the Copilot pull request diff summary endpoint_CVE-2026-9132

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from privat...

GitHub Enterprise Server 3.17.0 CVE
MEDIUM 4.8 CVE-2026-9106

UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen_CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an o...

GitHub Enterprise Server 3.16.0 CVE
MEDIUM 5.9 CVE-2026-10562

Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface_CVE-2026-10562

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within...

TP-Link Systems Inc. Archer AX20 V2.0 CVE
MEDIUM 5.9 CVE-2025-36336

Transmission of Sensitive Information found in Watson Data Intelligence_CVE-2025-36336

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information ...

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 CVE
MEDIUM 4.3 CVE-2025-36333

Vulnerabilities found in Watson Data Intelligence_CVE-2025-36333

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enfo...

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 CVE
MEDIUM 4.3 CVE-2025-36328

Error Message Containing Sensitive Information found in Watson Data Intelligence_CVE-2025-36328

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical er...

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 CVE