Lucene search
K

117 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-8649

Summary of CVE-2026-8649 : An instance of Improper Neutralization of Special Elements in Data Query Logic affects MOVEit Transfer (Custom Reports modules). The issue impacts MOVEit Transfer versions prior to 2025.0.7 and from 2025.1.0 up to before 2025.1.3. The CVSS vectors indicate a high-severi...

9.8CVSS5.9AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-10698

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42278

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-10698 Table scope bypass vulnerability in custom reports

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.8, from 2025.1.0 before 2025.1.4, from 2026.0.0 before 2026.0.1...

7.2CVSS0.00442EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/29 10:53 p.m.5 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the checkUserPassword process. An attacker can execute arbitrary queries on the backend database by injecting specially crafted input into the password field of a Graph...

8.7CVSS6.2AI score0.00484EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 12:0 a.m.12 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00262EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1352

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.4AI score0.00328EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:41 a.m.8 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the EntitySearchUtil::addSearchClause function in the autocomplete endpoint. The endpoint constructs SQL query with LIKE expression without escaping the SQL LIKE wildcar...

8.7CVSS5.6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.13 views

CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:16 p.m.11 views

CVE-2026-3676

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5CVSS0.00402EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 12:48 p.m.18 views

CVE-2026-3676

CVE-2026-3676 : IBM Db2 components bundled with IBM Cloud APM (Base Private 8.1.4/Advanced Private 8.1.4) are vulnerable when used with Linux/UNIX/Windows DB2 builds (including DB2 Connect Server). The issue arises from improper neutralization of special elements in the data query logic within th...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43708

Name of the Vulnerable Software and Affected Versions IBM Cloud APM, Base Private version 8.1.4 IBM Cloud APM, Advanced Private version 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server affected versions not specified Description An authenticated user can cause a denial of...

6.5CVSS5.7AI score0.00402EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.19 views

IBM Cloud APM 安全漏洞

IBM Cloud APM is an application performance monitoring and operations analysis platform provided by the American multinational company IBM. There are security vulnerabilities in the IBM Cloud APM Base Private 8.1.4 version and the IBM Cloud APM Advanced Private 8.1.4 version. These vulnerabilitie...

6.5CVSS5.8AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/10 2:20 p.m.11 views

CVE-2026-1577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 10:16 p.m.8 views

CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:49 p.m.3 views

CVE-2026-1577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.2AI score0.00335EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/30 9:49 p.m.11 views

EUVD-2026-26439

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

6.5CVSS5.2AI score0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 9:48 p.m.8 views

CVE-2025-14688 IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.13 views

PT-2026-36204

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.3 Description An authenticated user can cause a denial of service in IBM Db2 including Db2 Connect Server for Linux, UNIX, and Windows. This occurs due to improper...

5.3CVSS5.8AI score0.00221EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities stem from improper neutralization of special elements in the data query logic, which may cause denial-of-service...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References2
Rows per page
Query Builder