NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-11541 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. | 7.4 | 0.42% | 2026-06-30 | 2026-07-02 |
| CVE-2026-11594 | IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. | 8.5 | 0.28% | 2026-06-30 | 2026-07-02 |
| CVE-2025-36359 | IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system. | 8.1 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36336 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | 5.9 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36333 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. | 4.3 | 0.28% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36328 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 4.3 | 0.36% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36327 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security. | 6.5 | 0.38% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36324 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 4.3 | 0.27% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36323 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 5.4 | 0.23% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36321 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | 5.7 | 0.40% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36320 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 6.4 | 0.25% | 2026-06-30 | 2026-07-01 |
| CVE-2025-36319 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling. | 4.3 | 0.42% | 2026-06-30 | 2026-07-01 |
| CVE-2025-12530 | IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | 5.9 | 0.20% | 2026-06-30 | 2026-07-01 |
| CVE-2026-9836 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | 3.5 | 0.15% | 2026-06-30 | 2026-07-02 |
| CVE-2026-9002 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM. | 6.5 | 0.27% | 2026-06-30 | 2026-07-02 |
| CVE-2026-7874 | IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use of a weak and reversible key derivation mechanism for encryption at rest. | 9.1 | 0.16% | 2026-06-30 | 2026-07-02 |
| CVE-2026-7873 | IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement. | 9.9 | 0.29% | 2026-06-30 | 2026-07-02 |
| CVE-2026-7871 | IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity. | 9.8 | 0.39% | 2026-06-30 | 2026-07-02 |
| CVE-2026-7803 | IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow nodes with missing or empty component type fields. | 9.8 | 0.36% | 2026-06-30 | 2026-07-02 |
| CVE-2026-7663 | IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. | 9.1 | 0.26% | 2026-06-30 | 2026-07-02 |