CVE-2025-36333
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improp
CVSS
4.3
Medium
EPSS
0.3%
p20
KEV
—
Exploit Today
6
0-100
Published: Jun 30, 2026 · Last modified: Jul 6, 2026 · CWE-841
0.3%EPSS · 30 days0.3%
2026-07-012026-07-18
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2024-463077.5 HIG36.9%
——11A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.14dCVE-2026-422467.4 HIG24.6%
——7Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.4dCVE-2026-345829.1 CRI14.2%
——4Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.4d