Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68470 (GCVE-0-2025-68470)
Vulnerability from cvelistv5 – Published: 2026-01-10 02:39 – Updated: 2026-01-12 18:17
VLAI
EPSS
Title
React Router has unexpected external redirect via untrusted paths
Summary
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/remix-run/react-router/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| remix-run | react-router |
Affected:
>= 7.0.0, < 7.9.6
Affected: >= 6.0.0, < 6.30.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:17:37.258808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:17:43.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "react-router",
"vendor": "remix-run",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.9.6"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.30.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T02:39:41.078Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m"
}
],
"source": {
"advisory": "GHSA-9jcx-v3wj-wh4m",
"discovery": "UNKNOWN"
},
"title": "React Router has unexpected external redirect via untrusted paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68470",
"datePublished": "2026-01-10T02:39:41.078Z",
"dateReserved": "2025-12-18T13:48:59.555Z",
"dateUpdated": "2026-01-12T18:17:43.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68470",
"date": "2026-06-17",
"epss": "0.00198",
"percentile": "0.09727"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68470\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-10T03:15:48.477\",\"lastModified\":\"2026-01-30T18:20:54.873\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-601\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.30.1\",\"matchCriteriaId\":\"FFF65931-3D66-4739-BFC7-9632E04CFBD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.9.5\",\"matchCriteriaId\":\"7460DDBE-CAD6-4AD1-A8CF-334FBB977ABE\"}]}]}],\"references\":[{\"url\":\"https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68470\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-12T18:17:37.258808Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-12T18:17:40.976Z\"}}], \"cna\": {\"title\": \"React Router has unexpected external redirect via untrusted paths\", \"source\": {\"advisory\": \"GHSA-9jcx-v3wj-wh4m\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"remix-run\", \"product\": \"react-router\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.9.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.30.2\"}]}], \"references\": [{\"url\": \"https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m\", \"name\": \"https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-601\", \"description\": \"CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-10T02:39:41.078Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68470\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-12T18:17:43.794Z\", \"dateReserved\": \"2025-12-18T13:48:59.555Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-10T02:39:41.078Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
CERTFR-2026-AVI-0523
Vulnerability from certfr_avis - Published: 2026-04-30 - Updated: 2026-04-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.6_iFix048 | ||
| IBM | WebSphere | WebSphere Application Server - Liberty versions 17.0.0.3 à 26.0.0.4 sans le dernier correctif de sécurité | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 15.0 sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 12.10.x sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Informix Dynamic Server | Informix Dynamic Server versions 14.10 sans le correctif de sécurité HQ 3.2.2 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x antérieures à 6.4.0.4_iFix019 | ||
| IBM | Security QRadar Log Management AQL | greffon Security QRadar Log Management AQL versions 1.x antérieures à 1.1.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix048",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server - Liberty versions 17.0.0.3 \u00e0 26.0.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 15.0 sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 12.10.x sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Informix Dynamic Server versions 14.10 sans le correctif de s\u00e9curit\u00e9 HQ 3.2.2",
"product": {
"name": "Informix Dynamic Server",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix019",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "greffon Security QRadar Log Management AQL versions 1.x ant\u00e9rieures \u00e0 1.1.5",
"product": {
"name": "Security QRadar Log Management AQL",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-22610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22610"
},
{
"name": "CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"name": "CVE-2026-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3621"
},
{
"name": "CVE-2025-66412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
},
{
"name": "CVE-2025-66035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
},
{
"name": "CVE-2026-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"name": "CVE-2026-24051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2025-67030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
},
{
"name": "CVE-2026-0540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2026-27970",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27970"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2025-15599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15599"
},
{
"name": "CVE-2024-31033",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31033"
},
{
"name": "CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2026-27601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
}
],
"initial_release_date": "2026-04-30T00:00:00",
"last_revision_date": "2026-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270805",
"url": "https://www.ibm.com/support/pages/node/7270805"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270827",
"url": "https://www.ibm.com/support/pages/node/7270827"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270869",
"url": "https://www.ibm.com/support/pages/node/7270869"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270820",
"url": "https://www.ibm.com/support/pages/node/7270820"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270845",
"url": "https://www.ibm.com/support/pages/node/7270845"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270868",
"url": "https://www.ibm.com/support/pages/node/7270868"
},
{
"published_at": "2026-04-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270775",
"url": "https://www.ibm.com/support/pages/node/7270775"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7270692",
"url": "https://www.ibm.com/support/pages/node/7270692"
}
]
}
FKIE_CVE-2025-68470
Vulnerability from fkie_nvd - Published: 2026-01-10 03:15 - Updated: 2026-01-30 18:20
Severity
Summary
React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| shopify | react-router | * | |
| shopify | react-router | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "FFF65931-3D66-4739-BFC7-9632E04CFBD6",
"versionEndIncluding": "6.30.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7460DDBE-CAD6-4AD1-A8CF-334FBB977ABE",
"versionEndIncluding": "7.9.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), \u003cLink\u003e, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6."
},
{
"lang": "es",
"value": "React Router es un router para React. En las versiones 6.0.0 a 6.30.1 y 7.0.0 a 7.9.5, una ruta proporcionada por un atacante puede ser dise\u00f1ada de modo que cuando una aplicaci\u00f3n de React Router navega a ella a trav\u00e9s de navigate(), , o redirect(), la aplicaci\u00f3n realiza una navegaci\u00f3n/redirecci\u00f3n a una URL externa. Esto es solo un problema si est\u00e1 pasando contenido no confiable a rutas de navegaci\u00f3n en el c\u00f3digo de su aplicaci\u00f3n. Este problema ha sido parcheado en las versiones 6.30.2 y 7.9.6."
}
],
"id": "CVE-2025-68470",
"lastModified": "2026-01-30T18:20:54.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-10T03:15:48.477",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-9JCX-V3WJ-WH4M
Vulnerability from github – Published: 2026-01-08 20:48 – Updated: 2026-01-11 14:54
VLAI
Summary
React Router has unexpected external redirect via untrusted paths
Details
An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code.
Severity
6.5 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "react-router"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.30.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "react-router"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.9.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-68470"
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-08T20:48:21Z",
"nvd_published_at": "2026-01-10T03:15:48Z",
"severity": "MODERATE"
},
"details": "An attacker-supplied path can be crafted so that when a React Router application navigates to it via `navigate()`, `\u003cLink\u003e`, or `redirect()`, the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code.",
"id": "GHSA-9jcx-v3wj-wh4m",
"modified": "2026-01-11T14:54:02Z",
"published": "2026-01-08T20:48:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68470"
},
{
"type": "PACKAGE",
"url": "https://github.com/remix-run/react-router"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "React Router has unexpected external redirect via untrusted paths"
}
WID-SEC-W-2026-0752
Vulnerability from csaf_certbund - Published: 2026-03-16 23:00 - Updated: 2026-06-07 22:00Summary
IBM SPSS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools für Geschäftsbenutzer, Analysten und Statistik-Programmierer.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, um einen Denial of Service Angriff durchzuführen, und um Dateien zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM SPSS <9.0.0.0 IF002
IBM / SPSS
|
<9.0.0.0 IF002 | ||
|
IBM Storage Scale <5.2.3.7
IBM / Storage Scale
|
<5.2.3.7 |
References
9 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools f\u00fcr Gesch\u00e4ftsbenutzer, Analysten und Statistik-Programmierer.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0752 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0752.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0752 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0752"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2026-03-16",
"url": "https://www.ibm.com/support/pages/node/7266375"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7267856 vom 2026-03-27",
"url": "https://www.ibm.com/support/pages/node/7267856"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:7670 vom 2026-04-13",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21111-1 vom 2026-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025372.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18054 vom 2026-05-18",
"url": "https://access.redhat.com/errata/RHSA-2026:18054"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7275269 vom 2026-06-05",
"url": "https://www.ibm.com/support/pages/node/7275269"
}
],
"source_lang": "en-US",
"title": "IBM SPSS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-07T22:00:00.000+00:00",
"generator": {
"date": "2026-06-08T09:27:56.255+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0752",
"initial_release_date": "2026-03-16T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-16T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T052517",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.0.0 IF002",
"product": {
"name": "IBM SPSS \u003c9.0.0.0 IF002",
"product_id": "T051782"
}
},
{
"category": "product_version",
"name": "9.0.0.0 IF002",
"product": {
"name": "IBM SPSS 9.0.0.0 IF002",
"product_id": "T051782-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:9.0.0.0_if002"
}
}
}
],
"category": "product_name",
"name": "SPSS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.3.7",
"product": {
"name": "IBM Storage Scale \u003c5.2.3.7",
"product_id": "T055026"
}
},
{
"category": "product_version",
"name": "5.2.3.7",
"product": {
"name": "IBM Storage Scale 5.2.3.7",
"product_id": "T055026-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.7"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59057",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2025-59057"
},
{
"cve": "CVE-2025-64718",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-68470",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2025-68470"
},
{
"cve": "CVE-2026-21884",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-21884"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-22030",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-22030"
},
{
"cve": "CVE-2026-26996",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27903",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-27903"
},
{
"cve": "CVE-2026-27904",
"product_status": {
"known_affected": [
"T002207",
"T052517",
"67646",
"T032495",
"T051782",
"T055026"
]
},
"release_date": "2026-03-16T23:00:00.000+00:00",
"title": "CVE-2026-27904"
}
]
}
WID-SEC-W-2026-1007
Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-06-11 22:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuführen, um einen SQL-Injection Angriff durchzuführen, und um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux 10.0 Extended Update Support
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10.0_extended_update_support
|
10.0 Extended Update Support | |
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM App Connect Enterprise <13.0.7.1
IBM / App Connect Enterprise
|
<13.0.7.1 |
References
14 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um Dateien zu manipulieren, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, um einen SQL-Injection Angriff durchzuf\u00fchren, und um beliebigen Programmcode auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1007 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1007.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1007 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1007"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268737 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268737"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268738 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268738"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268740 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268740"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268741 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268741"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268743 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268743"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268744 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268744"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268745 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268745"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7268747 vom 2026-04-07",
"url": "https://www.ibm.com/support/pages/node/7268747"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14087 vom 2026-05-06",
"url": "https://access.redhat.com/errata/RHSA-2026:14087"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17083 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17083"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274746 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274746"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7275963 vom 2026-06-11",
"url": "https://www.ibm.com/support/pages/node/7275963"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-11T22:00:00.000+00:00",
"generator": {
"date": "2026-06-12T07:37:37.117+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1007",
"initial_release_date": "2026-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-11T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.7.1",
"product_id": "2F33676F-DD00-4E4F-ADCC-F29993D51A12"
}
},
{
"category": "product_version",
"name": "13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.7.1",
"product_id": "2F33676F-DD00-4E4F-ADCC-F29993D51A12-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.7.1"
}
}
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T052517",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T054024",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14550",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-14550"
},
{
"cve": "CVE-2025-14831",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-14831"
},
{
"cve": "CVE-2025-15281",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15281"
},
{
"cve": "CVE-2025-15366",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15366"
},
{
"cve": "CVE-2025-15367",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15367"
},
{
"cve": "CVE-2025-15599",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-15599"
},
{
"cve": "CVE-2025-55130",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55130"
},
{
"cve": "CVE-2025-55131",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55131"
},
{
"cve": "CVE-2025-55132",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-55132"
},
{
"cve": "CVE-2025-59465",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-59465"
},
{
"cve": "CVE-2025-59466",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-59466"
},
{
"cve": "CVE-2025-68470",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-68470"
},
{
"cve": "CVE-2025-9820",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2025-9820"
},
{
"cve": "CVE-2026-0540",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0540"
},
{
"cve": "CVE-2026-0861",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0861"
},
{
"cve": "CVE-2026-0915",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0915"
},
{
"cve": "CVE-2026-0980",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-0980"
},
{
"cve": "CVE-2026-1207",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1207"
},
{
"cve": "CVE-2026-1285",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1285"
},
{
"cve": "CVE-2026-1287",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1287"
},
{
"cve": "CVE-2026-1299",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1299"
},
{
"cve": "CVE-2026-1312",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1312"
},
{
"cve": "CVE-2026-1530",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1530"
},
{
"cve": "CVE-2026-1531",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1531"
},
{
"cve": "CVE-2026-1961",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-1961"
},
{
"cve": "CVE-2026-21637",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-21637"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-23490",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-23490"
},
{
"cve": "CVE-2026-2436",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-2436"
},
{
"cve": "CVE-2026-25518",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-25518"
},
{
"cve": "CVE-2026-27137",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27137"
},
{
"cve": "CVE-2026-27138",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27138"
},
{
"cve": "CVE-2026-27959",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-27959"
},
{
"cve": "CVE-2026-29063",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-29063"
},
{
"cve": "CVE-2026-29087",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-29087"
},
{
"cve": "CVE-2026-30922",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-30922"
},
{
"cve": "CVE-2026-3632",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3632"
},
{
"cve": "CVE-2026-3633",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3633"
},
{
"cve": "CVE-2026-3634",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3634"
},
{
"cve": "CVE-2026-3731",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-3731"
},
{
"cve": "CVE-2026-4271",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-4271"
},
{
"cve": "CVE-2026-4324",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-4324"
},
{
"cve": "CVE-2026-5119",
"product_status": {
"known_affected": [
"T054024",
"T052517",
"67646",
"T021415",
"2F33676F-DD00-4E4F-ADCC-F29993D51A12"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-5119"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…