Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-9836 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | 3.5 | 0.15% | 2026-06-30 | 2026-07-02 |
| CVE-2026-9610 | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls. | 2.3 | 0.19% | 2026-06-22 | 2026-06-26 |
| CVE-2026-9330 | IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | 8.5 | 0.47% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9320 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | 5.9 | 0.31% | 2026-06-22 | 2026-06-23 |
| CVE-2026-9319 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | 9.0 | 0.46% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9311 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | 9.0 | 0.49% | 2026-06-01 | 2026-06-17 |
| CVE-2026-9170 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service and a potential remote code execution due to improper input validation. | 9.8 | 0.49% | 2026-05-26 | 2026-06-17 |
| CVE-2026-9074 | IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality. | 9.1 | 0.51% | 2026-07-08 | 2026-07-10 |
| CVE-2026-9072 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in. | 8.1 | 0.38% | 2026-06-22 | 2026-07-09 |
| CVE-2026-9071 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | 7.5 | 0.31% | 2026-06-22 | 2026-06-23 |
| CVE-2026-9035 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server’s local storage that they should not have access to. | 6.5 | 0.31% | 2026-05-27 | 2026-06-17 |
| CVE-2026-9006 | IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. | 7.4 | 0.23% | 2026-06-22 | 2026-06-24 |
| CVE-2026-9002 | IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may allow an attacker on the same network to trigger a StackOverflowError or OutOfMemoryError, resulting in a crash of the WebSphere Application Server JVM. | 6.5 | 0.27% | 2026-06-30 | 2026-07-02 |
| CVE-2026-8858 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in. | 7.5 | 0.26% | 2026-06-22 | 2026-07-09 |
| CVE-2026-8856 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration. | 7.7 | 0.20% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8855 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication). | 8.1 | 0.46% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8854 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. | 7.5 | 0.36% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8852 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. | 6.2 | 0.20% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8850 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | 7.5 | 0.38% | 2026-05-26 | 2026-06-17 |
| CVE-2026-8835 | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service. | 7.3 | 0.25% | 2026-05-26 | 2026-06-17 |