Every CVE whose affected-product data names Ibm Devops Plan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-4096 — CVSS 6.5 (medium): IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers…
CVE-2025-36364 — CVSS 6.2 (medium): IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.
CVE-2025-36363 — CVSS 5.9 (medium): IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account…