Export limit exceeded: 357767 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8644 | 1 Ibm | 1 Websphere Application Server | 2026-06-04 | 9.1 Critical |
| IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. | ||||
| CVE-2026-9319 | 1 Ibm | 1 Websphere Application Server | 2026-06-04 | 9 Critical |
| IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. | ||||
| CVE-2026-9311 | 1 Ibm | 1 Websphere Application Server | 2026-06-04 | 9 Critical |
| IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. | ||||
| CVE-2026-9330 | 1 Ibm | 1 Websphere Application Server | 2026-06-04 | 8.5 High |
| IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. | ||||
| CVE-2026-8620 | 1 Ibm | 3 Web Server Plug-ins For Websphere Application Server And Websphere Liberty, Web Server Plug Ins For Websphere Application Server And Websphere Liberty, Websphere Application Server | 2026-06-02 | 7.5 High |
| IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request. | ||||
| CVE-2026-5516 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-06-02 | 4.4 Medium |
| IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a specific timing window. | ||||
| CVE-2026-4410 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-06-01 | 4.8 Medium |
| IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM WebSphere Application Server 9.0, and 8.5 and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | ||||
| CVE-2026-8633 | 1 Ibm | 2 Web Server Plug Ins For Websphere Application Server And Websphere Liberty, Websphere Application Server | 2026-05-27 | 9.8 Critical |
| IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request. | ||||
| CVE-2026-3621 | 1 Ibm | 2 Websphere Application Server, Websphere Application Server Liberty | 2026-05-13 | 7.5 High |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured. | ||||
| CVE-2006-6136 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | ||||
| CVE-2009-0856 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | ||||
| CVE-2008-5413 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | ||||
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | ||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | ||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | ||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2026-04-23 | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | ||||
| CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2026-04-23 | N/A |
| IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | ||||
| CVE-2009-0434 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413. | ||||
| CVE-2009-0508 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. | ||||