| Metric | Value |
|---|---|
| CVEs | 672 |
| Critical | 19 |
| High | 117 |
| KEV | 0 |
| PoC | 0 |
| Unpatched Critical/High | 117 |
| Patch Rate | 17.6% |
| Avg EPSS | 0.1% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 19 |
| HIGH | 117 |
| MEDIUM | 489 |
| LOW | 45 |
Monthly CVE Trend (chart; data not captured in text)
Affected Products (30)

| Product | CVEs |
|---|---|
| Windows | 51 |
| Concert | 42 |
| Db2 | 40 |
| Sterling B2b Integrator | 25 |
| Infosphere Information Server | 21 |
| Openpages With Watson | 16 |
| Sterling File Gateway | 16 |
| Controller | 15 |
| Websphere Application Server | 13 |
| Applinx | 13 |
| Entirex | 13 |
| Cognos Controller | 13 |
| Cloud Pak For Business Automation | 12 |
| Security Verify Access | 10 |
| Planning Analytics Local | 10 |
| Qradar Security Information And Event Manager | 10 |
| Linux Kernel | 9 |
| Aspera Shares | 8 |
| Aix | 8 |
| Security Qradar Edr | 8 |
| Command Injection | 8 |
| Memory Corruption | 8 |
| Db2 Recovery Expert | 7 |
| Devops Deploy | 7 |
| Cloud Pak System | 7 |
| Urbancode Deploy | 7 |
| Cognos Analytics | 7 |
| Analytics Content Hub | 6 |
| Jazz Foundation | 6 |
| Datastage On Cloud Pak For Data | 6 |
Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-56346 | IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 0.2% | 50 | No patch |
| CVE-2025-13375 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 allows unauthenticated users to execute certain cryptographic operations that should require elevated privileges. | CRITICAL | 9.8 | 0.1% | 49 | No patch |
| CVE-2024-56347 | IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | CRITICAL | 9.6 | 0.2% | 48 | No patch |
| CVE-2025-25022 | Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0. | CRITICAL | 9.6 | 0.1% | 48 | No patch |
| CVE-2025-1950 | IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries from an untrusted source. Rated critical severity (CVSS 9.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.0% | 47 | No patch |
| CVE-2026-1346 | Local privilege escalation to root in IBM Verify/Security Verify Access products 10.0-11.0.2 allows unauthenticated local users to gain full system control via excessive process privileges (CWE-250). The CVSS 9.3 score reflects a local attack vector but no authentication requirement (PR:N) and complete system compromise with scope change. Patch available per vendor advisory. No public exploit identified at time of analysis, though the local attack vector and low complexity (AC:L) suggest straightforward exploitation once local access is obtained. | CRITICAL | 9.3 | 0.0% | 47 | |
| CVE-2024-51450 | IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.6% | 46 | No patch |
| CVE-2025-0159 | IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2025-42958 | Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2025-33117 | IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 contain a privilege escalation vulnerability that allows authenticated administrative users to modify configuration files and upload malicious autoupdate packages, leading to arbitrary command execution with system-level privileges. This is a high-severity vulnerability (CVSS 9.1) affecting SIEM infrastructure; while it requires high privileges (PR:H), the network-accessible attack vector (AV:N) and lack of user interaction (UI:N) make it a significant risk in multi-user enterprise environments where administrative credentials may be compromised or misused. | CRITICAL | 9.1 | 0.1% | 46 | No patch |
| CVE-2025-36038 | IBM WebSphere Application Server (WAS) versions 8.5 and 9.0 are vulnerable to remote code execution through deserialization of untrusted serialized objects, allowing unauthenticated network attackers to execute arbitrary code with high confidence despite moderate attack complexity. This is a critical Java deserialization vulnerability (CWE-502) affecting enterprise application servers in widespread use; exploitation status and EPSS probability are not yet public, but the CVSS 9.0 score and network-accessible attack vector indicate this is a priority concern for organizations running affected WAS versions. | CRITICAL | 9.0 | 0.4% | 45 | No patch |
| CVE-2024-28777 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 are vulnerable to unrestricted deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 45 | No patch |
| CVE-2025-0975 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.4% | 44 | No patch |
| CVE-2024-52902 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard-coded database passwords in source code which could be used for unauthorized access to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable and has low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.2% | 44 | No patch |
| CVE-2025-36049 | CVE-2025-36049 is a security vulnerability (CVSS 8.8). High-severity vulnerability requiring prompt remediation. | HIGH | 8.8 | 0.1% | 44 | No patch |