Search Results (8339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-4502 2 Ibm, Langflow 2 Langflow Desktop, Langflow Desktop 2026-05-11 6.5 Medium
IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVE-2026-3346 2 Ibm, Langflow 2 Langflow Desktop, Langflow Desktop 2026-05-11 6.4 Medium
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2026-3340 2 Ibm, Langflow 2 Langflow Desktop, Langflow Desktop 2026-05-11 6.5 Medium
IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2026-3345 2 Ibm, Langflow 2 Langflow Desktop, Langflow Desktop 2026-05-11 6.5 Medium
IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2026-6543 2 Ibm, Langflow 2 Langflow Desktop, Langflow Desktop 2026-05-11 8.8 High
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal network.
CVE-2026-1577 1 Ibm 1 Db2 2026-05-10 6.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2025-36105 1 Ibm 1 Planning Analytics Advanced Certified Containers 2026-05-06 4.4 Medium
IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables.
CVE-2026-6389 1 Ibm 1 Turbonomic Prometurbo Agent 2026-05-05 8.8 High
IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise.
CVE-2026-6542 2 Ibm, Langflow 2 Langflow Oss, Langflow 2026-05-04 6.5 Medium
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow.
CVE-2026-2311 1 Ibm 1 I 2026-05-01 6.4 Medium
IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check.  A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-14688 1 Ibm 1 Db2 2026-05-01 5.3 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist.
CVE-2025-36122 1 Ibm 1 Db2 2026-05-01 6.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources.
CVE-2026-1352 1 Ibm 1 Db2 2026-04-27 6.5 Medium
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2026-4917 1 Ibm 1 Guardium Data Protection 2026-04-24 4.9 Medium
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system.
CVE-2026-1274 1 Ibm 1 Guardium Data Protection 2026-04-24 4.9 Medium
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel.
CVE-2026-4919 1 Ibm 1 Guardium Data Protection 2026-04-24 4.8 Medium
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2026-4918 1 Ibm 1 Guardium Data Protection 2026-04-24 5.5 Medium
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2026-1272 1 Ibm 1 Guardium Data Protection 2026-04-24 2.7 Low
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel.
CVE-2007-2736 9 Achievo, Apple, Hp and 6 more 18 Achievo, A Ux, Mac Os X and 15 more 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2006-5663 1 Ibm 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect 2026-04-23 N/A
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.