| Metric | Value |
|---|---|
| CVEs | 45 |
| Critical | 3 |
| High | 12 |
| KEV | 0 |
| PoC | 0 |
| Unpatched C/H | 11 |
| Patch Rate | 42.2% |
| Avg EPSS | 0.0% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 3 |
| HIGH | 12 |
| MEDIUM | 28 |
| LOW | 0 |
Monthly CVE Trend (chart; no data recoverable)
Affected Products (30)

| Product | Count |
|---|---|
| Windows | 51 |
| Concert | 42 |
| Db2 | 40 |
| Sterling B2b Integrator | 25 |
| Infosphere Information Server | 21 |
| Openpages With Watson | 16 |
| Sterling File Gateway | 16 |
| Controller | 15 |
| Cognos Controller | 13 |
| Entirex | 13 |
| Websphere Application Server | 13 |
| Applinx | 13 |
| Cloud Pak For Business Automation | 12 |
| Security Verify Access | 10 |
| Planning Analytics Local | 10 |
| Qradar Security Information And Event Manager | 10 |
| Aix | 8 |
| Aspera Shares | 8 |
| Linux Kernel | 8 |
| Security Qradar Edr | 8 |
| Cognos Analytics | 7 |
| Db2 Recovery Expert | 7 |
| Urbancode Deploy | 7 |
| Cloud Pak System | 7 |
| Devops Deploy | 7 |
| Datastage On Cloud Pak For Data | 6 |
| Business Automation Workflow | 6 |
| Maximo Application Suite | 6 |
| Security Verify Access Docker | 6 |
| Txseries For Multiplatforms | 6 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-7524 | Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitrary code by abusing how the platform handles symbolic links while unpacking uploaded archives. Because extraction does not properly validate symlink targets, a crafted archive can write files outside the intended directory and ultimately achieve code execution on the host. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is reachable without authentication or user interaction, though no public exploit was identified at time of analysis. | CRITICAL | 9.8 | 0.3% | 49 | No patch |
| CVE-2026-8175 | Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Transfer Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) through a heap-based buffer overflow in the asperahttpd component. An unauthenticated network attacker can corrupt memory to crash the service (denial of service) and, in the worst case, hijack execution flow to run arbitrary code or bypass authentication. No public exploit was identified at time of analysis and SSVC lists exploitation as none, but the CVSS 9.8 rating and the 'Automatable: yes' assessment mark this as a high-priority patching target. | CRITICAL | 9.8 | 0.4% | 49 | No patch |
| CVE-2026-7876 | Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 through 1.5.19 allows remote attackers to access and modify protected resources without valid credentials, scoring CVSS 9.1 critical. The flaw exposes confidential file transfer data and permits unauthorized modification of integrity-protected assets across all affected releases. No public exploit was identified at time of analysis, and EPSS predicts only a 0.02% near-term exploitation probability despite the high severity rating. | CRITICAL | 9.1 | 0.0% | 46 | No patch |
| CVE-2026-6543 | Remote code execution in IBM Langflow Desktop 1.0.0 through 1.8.4 allows authenticated attackers to execute arbitrary commands at the privilege level of the Langflow process. Attackers can exfiltrate API keys and database credentials from environment variables, modify application files, or pivot to internal network targets. IBM has released a vendor patch addressing this code injection vulnerability. No active exploitation has been confirmed by CISA KEV at time of analysis, though CVSS 8.8 severity and low attack complexity indicate high exploitability once authenticated access is obtained. | HIGH | 8.8 | 0.0% | 44 | |
| CVE-2026-6389 | Privilege escalation in the IBM Turbonomic prometurbo agent allows compromised service accounts to exfiltrate cluster-wide Kubernetes secrets and achieve full cluster takeover. It affects versions 8.16.0 through 8.17.6 deployed in Kubernetes environments. The operator grants excessive RBAC permissions, enabling unrestricted read access to all secrets cluster-wide. CVSS 8.8 indicates high severity with scope change to container/cluster level. No active exploitation has been confirmed (not in CISA KEV), but the attack path from service account compromise to cluster admin is well understood in Kubernetes threat models. | HIGH | 8.8 | 0.0% | 44 | |
| CVE-2026-5065 | Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded secret (a password or cryptographic key) that the product uses for inbound authentication, outbound communication, or encryption of internal data. Because the credential is the same across every deployment, an attacker who already holds low-level access (CVSS PR:L) can leverage it to gain full confidentiality, integrity, and availability impact (C:H/I:H/A:H) over the network. No public exploit was identified at time of analysis, and the issue is not listed in CISA KEV. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-8179 | Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) arises from a stack-based buffer overflow in the asperahttpd component. An authenticated user with network access can corrupt memory in this HTTP handling component to run code in the context of the service, fully compromising confidentiality, integrity, and availability (CVSS 8.8). No public exploit has been identified at time of analysis, the CVE is not listed in CISA KEV, and EPSS data was not provided. | HIGH | 8.8 | 0.1% | 44 | No patch |
| CVE-2026-7365 | Authentication bypass in IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis (Operations Analytics versions 1.3.2.0 through 1.3.8.4) stems from hardcoded default credentials baked in during the manufacturing/installation process. An attacker who can reach the installation can authenticate with these known default passwords, gaining full control with high confidentiality, integrity, and availability impact. The CVSS 3.1 vector scores this as a local-vector issue (AV:L) rather than remote; no public exploit has been identified, and SSVC reports an exploitation status of 'none'. | HIGH | 8.4 | 0.0% | 42 | No patch |
| CVE-2026-3623 | Local privilege escalation in IBM Netezza Performance Server Replication Services (versions 3.0.2.0 through 3.0.5.0) allows an already-authenticated, low-privileged user on the appliance to gain full root control. By abusing the over-privileged Replication Services component, the attacker can execute root-level commands, spawn a root shell, reset the root password, alter or delete system-wide files, and plant persistent backdoors, resulting in complete loss of confidentiality, integrity, and availability. No public exploit was identified at time of analysis, and no EPSS score was supplied in the source data, so the issue currently reflects vendor-reported risk rather than observed exploitation. | HIGH | 7.8 | 0.0% | 39 | No patch |
| CVE-2026-4503 | Unauthenticated remote disclosure of user-uploaded images in IBM Langflow Desktop 1.0.0-1.8.4 allows network attackers to enumerate and access other users' private images through predictable object references. With CVSS 7.5 (High) reflecting unauthenticated network exploitation, and EPSS data not provided, risk depends on whether installations expose the vulnerable endpoint to untrusted networks. No KEV listing or public exploit code was identified at time of analysis, suggesting discovery through vendor security review rather than active exploitation. | HIGH | 7.5 | 0.0% | 38 | |
| CVE-2026-3366 | Directory traversal in IBM InfoSphere Optim Test Data Fabrication (versions 1.0.0 through 1.0.2.7) lets a remote, unauthenticated attacker read arbitrary files from the host by sending a crafted URL containing '../' sequences. The flaw is purely an information-disclosure issue (confidentiality is impacted, with no integrity or availability effect), and CVSS rates it 7.5 (High). No public exploit was identified at time of analysis, and CISA's SSVC framework records exploitation status as none, though it flags the issue as automatable. | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2026-8180 | Remote denial of service in IBM Aspera High-Speed Transfer Endpoint and High-Speed Transfer Server (versions 3.7.4 through 4.4.7 Fix Pack 1) allows an unauthenticated network attacker to crash the asperahttpd service via a NULL pointer dereference. Exploitation requires no credentials and no user interaction, yielding a complete loss of availability for the affected transfer service. No public exploit was identified at time of analysis, and the issue has no confidentiality or integrity impact. | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2026-1718 | Denial of service in IBM Db2 11.5.0-11.5.9 and 12.1.0-12.1.4 allows an authenticated database user to crash or exhaust the database engine by submitting a specially crafted query when the autonomous transactions feature is enabled. The flaw (CWE-770, uncontrolled resource allocation) carries a CVSS 7.1 with high availability impact but no confidentiality or integrity loss. No public exploit was identified at time of analysis, and CISA SSVC rates exploitation as 'none', indicating no observed activity to date. | HIGH | 7.1 | 0.0% | 36 | No patch |
| CVE-2026-7528 | Denial of service in IBM Langflow OSS 1.0.0 through 1.9.0 lets a low-privileged, authenticated remote attacker drive uncontrolled resource consumption (CWE-400) to degrade or crash the service, with a high availability impact and a minor confidentiality exposure per the CVSS vector. The flaw is network-reachable, requires no user interaction, and needs only a low-privilege account. No public exploit was identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was supplied. | HIGH | 7.1 | 0.0% | 36 | No patch |
| CVE-2026-3345 | Path traversal in IBM Langflow Desktop versions 1.8.4 and earlier allows authenticated remote attackers to read arbitrary files on the system by crafting URLs containing directory traversal sequences (/../). The vulnerability affects the file handling mechanism and could expose sensitive configuration, source code, or other confidential files accessible to the Langflow process. A vendor-released patch is available. | MEDIUM | 6.5 | 0.1% | 33 | |