CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

219 matches found

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS5.6AI score0.74625EPSS

Exploits2References3

RedhatCVE•added 2026/06/05 7:47 p.m.•5 views

CVE-2026-6626

A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to launch the attack...

6.5CVSS6.1AI score0.00078EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•6 views

CVE-2026-1352

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.4AI score0.00061EPSS

Exploits0References1

Snyk•added 2026/05/29 10:41 a.m.•5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score

Exploits0References2

RedhatCVE•added 2026/05/27 8:13 p.m.•8 views

CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS5.8AI score0.00061EPSS

Exploits0References1

EUVD•added 2026/05/27 3:33 p.m.•7 views

EUVD-2026-32280

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5CVSS5.8AI score0.00053EPSS

Exploits0References2

NVD•added 2026/05/27 2:16 p.m.•7 views

CVE-2026-3676

6.5CVSS0.00053EPSS

Exploits0References1

Cvelist•added 2026/05/27 12:48 p.m.•37 views

CVE-2026-3676 There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

6.5CVSS0.00053EPSS

Exploits0References1

CVE•added 2026/05/27 12:48 p.m.•8 views

CVE-2026-3676

CVE-2026-3676 : IBM Db2 components bundled with IBM Cloud APM (Base Private 8.1.4/Advanced Private 8.1.4) are vulnerable when used with Linux/UNIX/Windows DB2 builds (including DB2 Connect Server). The issue arises from improper neutralization of special elements in the data query logic within th...

6.5CVSS5.8AI score0.00053EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-43708

Name of the Vulnerable Software and Affected Versions IBM Cloud APM, Base Private version 8.1.4 IBM Cloud APM, Advanced Private version 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server affected versions not specified Description An authenticated user can cause a denial of...

6.5CVSS5.7AI score0.00053EPSS

Exploits0References3

CNNVD•added 2026/05/27 12:0 a.m.•10 views

IBM Cloud APM 安全漏洞

IBM Cloud APM is an application performance monitoring and operations analysis platform provided by the American multinational company IBM. There are security vulnerabilities in the IBM Cloud APM Base Private 8.1.4 version and the IBM Cloud APM Advanced Private 8.1.4 version. These vulnerabilitie...

6.5CVSS5.8AI score0.00053EPSS

Exploits0References1

CNNVD•added 2026/05/25 12:0 a.m.•4 views

Apache Syncope 安全漏洞

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration, and more. A security vulnerability exists in Apache Syncope versions 3.0 through...

4.9CVSS5.8AI score0.00061EPSS

Exploits0References3

IBM Security Bulletins•added 2026/05/21 2:0 p.m.•12 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-361...

8.8CVSS6.6AI score0.00103EPSS

Exploits2Affected Software1

Veracode•added 2026/05/15 7:24 p.m.•10 views

Improper Neutralization Of Special Elements In Data Query Logic

Dgraph is vulnerable to Improper Neutralization of Special Elements in Data Query Logic. The vulnerability is due to improper sanitization of the user-controlled cond field in upsert mutations, which allows an attacker to inject arbitrary DQL query blocks and gain unauthorized read access to...

9.1CVSS5.9AI score0.00073EPSS

Exploits1References3Affected Software3

RedhatCVE•added 2026/05/10 2:20 p.m.•6 views

CVE-2026-1577

6.5CVSS5.8AI score0.0002EPSS

Exploits0References1

NVD•added 2026/04/30 10:16 p.m.•1 views

CVE-2026-1577

6.5CVSS0.0002EPSS

Exploits0References1

NVD•added 2026/04/30 10:16 p.m.•1 views

CVE-2025-14688