NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | 8.5 | 0.28% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | 9.0 | 0.22% | 2026-06-01 | 2026-06-04 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | 9.0 | 0.26% | 2026-06-01 | 2026-06-04 |
| CVE-2026-8644 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | 9.1 | 0.04% | 2026-06-01 | 2026-06-04 |
| CVE-2026-7770 | IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions (ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. | 8.8 | 0.23% | 2026-06-01 | 2026-06-02 |
| CVE-2026-1248 | IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages. | 4.3 | 0.03% | 2026-05-27 | 2026-05-28 |
| CVE-2026-9035 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to. | 6.5 | 0.04% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8405 | IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. | 6.5 | 0.03% | 2026-05-27 | 2026-06-03 |
| CVE-2026-8180 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash. | 7.5 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8179 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system. | 8.8 | 0.06% | 2026-05-27 | 2026-06-05 |
| CVE-2026-8175 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution. | 9.8 | 0.46% | 2026-05-27 | 2026-06-05 |
| CVE-2026-7876 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 | 9.1 | 0.02% | 2026-05-27 | 2026-05-29 |
| CVE-2026-7528 | IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. | 7.1 | 0.06% | 2026-05-27 | 2026-06-02 |
| CVE-2026-7524 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. | 9.8 | 0.37% | 2026-05-27 | 2026-06-02 |
| CVE-2026-7365 | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. | 8.4 | 0.02% | 2026-05-27 | 2026-06-02 |
| CVE-2026-7254 | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | 5.3 | 0.05% | 2026-05-27 | 2026-06-02 |
| CVE-2026-6938 | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | 6.5 | 0.02% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6936 | IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6053 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6052 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |