Filtered by vendor Ibm
Subscriptions
Total
8116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1331 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2026-02-26 | 7.8 High |
| IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. | ||||
| CVE-2025-1137 | 1 Ibm | 2 Spectrum Scale Container Native Storage Access, Storage Scale | 2026-02-26 | 7.5 High |
| IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization. | ||||
| CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2026-02-26 | 8.8 High |
| IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | ||||
| CVE-2025-2947 | 1 Ibm | 1 I | 2026-02-26 | 7.2 High |
| IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. | ||||
| CVE-2025-1950 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2026-02-26 | 9.3 Critical |
| IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source. | ||||
| CVE-2025-1951 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2026-02-26 | 8.4 High |
| IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | ||||
| CVE-2025-33103 | 1 Ibm | 1 I | 2026-02-26 | 8.5 High |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. | ||||
| CVE-2025-36014 | 1 Ibm | 2 Integration Bus, Z\/os | 2026-02-26 | 8.2 High |
| IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | ||||
| CVE-2025-1351 | 1 Ibm | 1 Storage Virtualize | 2026-02-26 | 6.7 Medium |
| IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function. | ||||
| CVE-2025-3357 | 1 Ibm | 1 Tivoli Monitoring | 2026-02-26 | 9.8 Critical |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | ||||
| CVE-2025-25022 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2026-02-26 | 9.6 Critical |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. | ||||
| CVE-2025-25021 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2026-02-26 | 7.2 High |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | ||||
| CVE-2025-27904 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 6.5 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-27903 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 5.9 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques. | ||||
| CVE-2025-27900 | 1 Ibm | 2 Db2 Recovery Expert, Db2 Recovery Expert For Luw | 2026-02-26 | 6.8 Medium |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2026-02-26 | 8.4 High |
| IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. | ||||
| CVE-2025-3473 | 1 Ibm | 2 Guardium Data Protection, Security Guardium | 2026-02-26 | 6.7 Medium |
| IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. | ||||
| CVE-2025-1411 | 1 Ibm | 1 Security Verify Directory | 2026-02-26 | 7.8 High |
| IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges. | ||||
| CVE-2025-33117 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-02-26 | 9.1 Critical |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands. | ||||
| CVE-2025-36004 | 1 Ibm | 1 I | 2026-02-26 | 8.8 High |
| IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | ||||