152
CVEs
4
Critical
28
High
0
KEV
0
PoC
15
Unpatched C/H
62.5%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
4
HIGH
28
MEDIUM
111
LOW
7
Monthly CVE Trend
Affected Products (30)
Windows
51
Concert
42
Db2
40
Sterling B2b Integrator
25
Infosphere Information Server
21
Openpages With Watson
16
Sterling File Gateway
16
Controller
15
Cognos Controller
13
Entirex
13
Websphere Application Server
13
Applinx
13
Cloud Pak For Business Automation
12
Security Verify Access
10
Planning Analytics Local
10
Qradar Security Information And Event Manager
10
Aix
8
Aspera Shares
8
Linux Kernel
8
Security Qradar Edr
8
Cognos Analytics
7
Db2 Recovery Expert
7
Urbancode Deploy
7
Cloud Pak System
7
Devops Deploy
7
Datastage On Cloud Pak For Data
6
Business Automation Workflow
6
Maximo Application Suite
6
Security Verify Access Docker
6
Txseries For Multiplatforms
6
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-8175 | Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Transfer Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) through a heap-based buffer overflow in the asperahttpd component. An unauthenticated network attacker can corrupt memory to crash the service (denial of service) and, in the worst case, hijack execution flow to run arbitrary code or bypass authentication. There is no public exploit identified at time of analysis and SSVC lists exploitation as none, but the CVSS 9.8 rating and 'Automatable: yes' assessment mark this as a high-priority patching target. | CRITICAL | 9.8 | 0.4% | 49 |
No patch
|
| CVE-2026-7524 | Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitrary code by abusing how the platform handles symbolic links while unpacking uploaded archives. Because extraction does not properly validate symlink targets, a crafted archive can write files outside the intended directory and ultimately achieve code execution on the host. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is reachable without authentication or user interaction, though no public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.3% | 49 |
No patch
|
| CVE-2026-1346 | Local privilege escalation to root in IBM Verify/Security Verify Access products 10.0-11.0.2 allows unauthenticated local users to gain full system control via excessive process privileges (CWE-250). The CVSS 9.3 score reflects local attack vector but no authentication requirement (PR:N) and complete system compromise with scope change. Patch available per vendor advisory. No public exploit identified at time of analysis, though the local attack vector and low complexity (AC:L) suggest straightforward exploitation once local access is obtained. | CRITICAL | 9.3 | 0.0% | 47 |
|
| CVE-2026-7876 | Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 through 1.5.19 allows remote attackers to access and modify protected resources without valid credentials, scoring CVSS 9.1 critical. The flaw exposes confidential file transfer data and permits unauthorized modification of integrity-protected assets across all affected releases. No public exploit identified at time of analysis, and EPSS predicts only a 0.02% near-term exploitation probability despite the high severity rating. | CRITICAL | 9.1 | 0.0% | 46 |
No patch
|
| CVE-2026-3357 | Remote code execution in IBM Langflow Desktop versions 1.6.0 through 1.8.2 allows authenticated attackers to execute arbitrary code via unsafe deserialization in the FAISS component. The vulnerability stems from an insecure default configuration that permits deserialization of untrusted data. With CVSS 8.8 (High) reflecting network accessibility, low complexity, and full impact on confidentiality, integrity, and availability, this represents a critical risk for organizations running affected versions. Vendor-released patch available through IBM security advisory. No public exploit identified at time of analysis, though the attack path is well-understood given the CWE-502 deserialization vulnerability class. | HIGH | 8.8 | 0.1% | 44 |
|
| CVE-2026-6543 | Remote code execution in IBM Langflow Desktop 1.0.0 through 1.8.4 allows authenticated attackers to execute arbitrary commands at the privilege level of the Langflow process. Attackers can exfiltrate API keys and database credentials from environment variables, modify application files, or pivot to internal network targets. IBM has released a vendor patch addressing this code injection vulnerability. No active exploitation confirmed by CISA KEV at time of analysis, though CVSS 8.8 severity and low attack complexity indicate high exploitability once authenticated access is obtained. | HIGH | 8.8 | 0.0% | 44 |
|
| CVE-2026-6389 | Privilege escalation in IBM Turbonomic prometurbo agent allows compromised service accounts to exfiltrate cluster-wide Kubernetes secrets and achieve full cluster takeover. Affects versions 8.16.0 through 8.17.6 deployed in Kubernetes environments. The operator grants excessive RBAC permissions enabling unrestricted read access to all secrets cluster-wide. CVSS 8.8 indicates high severity with scope change to container/cluster level. No active exploitation confirmed (not in CISA KEV), but the attack path from service account compromise to cluster admin is well-understood in Kubernetes threat models. | HIGH | 8.8 | 0.0% | 44 |
|
| CVE-2026-8179 | Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1) arises from a stack-based buffer overflow in the asperahttpd component. An authenticated user with network access can corrupt memory in this HTTP handling component to run code in the context of the service, fully compromising confidentiality, integrity, and availability (CVSS 8.8). No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; EPSS data was not provided. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-5065 | Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded secret - a password or cryptographic key - that the product uses for inbound authentication, outbound communication, or encryption of internal data. Because the credential is the same across every deployment, an attacker who already holds low-level access (CVSS PR:L) can leverage it to gain full confidentiality, integrity, and availability impact (C:H/I:H/A:H) over the network. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-1342 | Local code execution in IBM Security Verify Access 10.0-10.0.9.1 and 11.0-11.0.2 (both container and non-container deployments) allows unauthenticated local attackers to execute malicious scripts from outside the application's control sphere. This CWE-829 inclusion of functionality from untrusted control sphere vulnerability achieves container escape (scope change to C in CVSS vector), enabling high confidentiality impact and limited integrity/availability impact. No public exploit or active exploitation confirmed at time of analysis, though the low attack complexity (AC:L) and lack of required privileges (PR:N) make this readily exploitable by local users. | HIGH | 8.5 | 0.0% | 43 |
No patch
|
| CVE-2026-4788 | Sensitive information disclosure in IBM Tivoli Netcool Impact versions 7.1.0.0 through 7.1.0.37 allows local attackers with no authentication required to extract credentials and configuration secrets from application log files. With CVSS 8.4 and High impact to confidentiality, integrity, and availability, the CWE-532 flaw enables privilege escalation through exposed secrets. No public exploit identified at time of analysis, with EPSS data unavailable, though the low attack complexity (AC:L) suggests straightforward exploitation once local access is obtained. | HIGH | 8.4 | 0.0% | 42 |
|
| CVE-2026-7365 | Authentication bypass in IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis (Operations Analytics versions 1.3.2.0 through 1.3.8.4) stems from hardcoded default credentials baked in during the manufacturing/installation process. An attacker who can reach the installation can authenticate with these known-default passwords, gaining full control with high confidentiality, integrity, and availability impact. The CVSS 3.1 vector scores this as a local-vector issue (AV:L) rather than remote, no public exploit has been identified, and SSVC reports exploitation status of 'none'. | HIGH | 8.4 | 0.0% | 42 |
No patch
|
| CVE-2026-4101 | Authentication bypass in IBM Verify Identity Access and IBM Security Verify Access (versions 10.0-10.0.9.1 and 11.0-11.0.2, both container and non-container deployments) allows remote attackers to gain unauthorized access under specific high-load conditions without authentication. The vulnerability carries an EPSS score indicating moderate exploitation probability, with vendor patch available but no confirmed active exploitation or public proof-of-concept at time of analysis. Attack complexity is rated high (AC:H), suggesting exploitation requires specific timing or environmental conditions related to load stress. | HIGH | 8.1 | 0.1% | 41 |
|
| CVE-2026-31686 | In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-3623 | Local privilege escalation in IBM Netezza Performance Server Replication Services (versions 3.0.2.0 through 3.0.5.0) allows an already-authenticated, low-privileged user on the appliance to gain full root control. By abusing the over-privileged Replication Services component the attacker can execute root-level commands, spawn a root shell, reset the root password, alter or delete system-wide files, and plant persistent backdoors, resulting in complete loss of confidentiality, integrity, and availability. There is no public exploit identified at time of analysis, and no EPSS score was supplied in the source data, so the issue currently reflects vendor-reported risk rather than observed exploitation. | HIGH | 7.8 | 0.0% | 39 |
No patch
|