
665 matches found

EUVD
added 2 days ago | 4 views

EUVD-2026-40393

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5 CVSS | 5.8 AI score | 0.00411 EPSS
Exploits: 0 | References: 1
Cvelist
added 2 days ago | 30 views

CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by authenticated user

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5 CVSS | 0.00411 EPSS
Exploits: 0 | References: 1
CVE
added 2 days ago | 15 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5 CVSS | 5.8 AI score | 0.00411 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2 days ago | 6 views

PT-2026-53847

Name of the Vulnerable Software and Affected Versions: DBIx::QuickORM versions prior to 0.000026. Description: An issue exists where SQL identifiers are emitted verbatim into generated queries without proper quoting or escaping. This occurs because the default SQL builder, a SQL::Abstract subclass,...

9.8 CVSS | 5.8 AI score | 0.0035 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 6 days ago | 10 views

IBM DB2 Multiple Vulnerabilities (7277424, 7277423, 7277417) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities:
- IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables. (CVE-2025-36372)
- IBM Db2 is...

9.8 CVSS | 6.3 AI score | 0.0086 EPSS
Exploits: 0 | References: 6
NVD
added 2026/06/23 9:16 p.m. | 8 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9 CVSS | 0.00239 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/23 8:34 p.m. | 18 views

CVE-2026-47378

CVE-2026-47378 concerns NocoDB, where before 2026.04.1 public shared-view endpoints could expose hidden-column values through three paths: (1) groupBy could return raw values for any column named in the request, (2) filter and sort arrays operated on hidden columns allowed boolean-blind extractio...

6.9 CVSS | 6 AI score | 0.00239 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/23 8:34 p.m. | 26 views

CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9 CVSS | 0.00239 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/23 8:18 p.m. | 19 views

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

6.9 CVSS | 5.9 AI score | 0.00239 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2026/06/23 7:56 p.m. | 5 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by authenticated user (CVE-2026-11906)

Summary: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by an authenticated user. Vulnerability Details: CVEID: CVE-2026-11906. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...

6.5 CVSS | 5.9 AI score | 0.00411 EPSS
Exploits: 0 | Affected Software: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.12 contains multiple buffer overflows due to vulnerabilities in the num_tile_columns and num_tile_row parameters of the pic_parameter_set::dump function...

8.1 CVSS | 6.6 AI score | 0.00979 EPSS
Exploits: 1 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in SQLite3

There is a vulnerability in SQLite versions before 3.50.2, where the number of aggregate terms can exceed the number of available columns. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or higher...

9.8 CVSS | 6.7 AI score | 0.73495 EPSS
Exploits: 3 | References: 2
OSV
added 2026/06/12 12:0 p.m. | 12 views

RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking try_get, and both Row and...

6.9 CVSS | 5.4 AI score
Exploits: 0 | References: 3
RustSec
added 2026/06/12 12:0 p.m. | 8 views

Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking try_get, and both Row and...

5.3 AI score
Exploits: 0 | Affected Software: 1
CNNVD
added 2026/06/10 12:0 a.m. | 24 views

VMware Spring Security Code Issue Vulnerability

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3 CVSS | 5.5 AI score | 0.00198 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/07 12:43 a.m. | 13 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed_classes restriction in the IdsToCollection::get_ids_from_string function, which processes...

8.8 CVSS | 6.6 AI score | 0.00652 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/06/06 12:31 a.m. | 9 views

EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed_classes restriction in the IdsToCollection::get_ids_from_string function, which processes...

8.8 CVSS | 6.6 AI score | 0.00652 EPSS
Exploits: 1 | References: 11
NVD
added 2026/06/05 11:16 p.m. | 11 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed_classes restriction in the IdsToCollection::get_ids_from_string function, which processes...

8.8 CVSS | 0.00652 EPSS
Exploits: 1 | References: 10
ATTACKERKB
added 2026/06/05 10:28 p.m. | 7 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowed_classes restriction in the IdsToCollection::get_ids_from_string function, which processes...

8.8 CVSS | 6.6 AI score | 0.00652 EPSS
Exploits: 1 | References: 11
CVE
added 2026/06/05 10:28 p.m. | 35 views

CVE-2026-7654

The Admin Columns plugin for WordPress (up to version 7.0.18) is vulnerable to PHP Object Injection that leads to Remote Code Execution. Root cause: unserialize() used without an allowed_classes restriction in IdsToCollection::get_ids_from_string(), processing attacker-controlled post meta values...

8.8 CVSS | 6.6 AI score | 0.00652 EPSS
Exploits: 1 | References: 10