
223 matches found

NVD
added 2026/05/27 7:16 p.m., 7 views

CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

CVSS 4.3 | EPSS 0.00011
Exploits: 0 | References: 3

CVE
added 2026/05/27 1:10 p.m., 7 views

CVE-2026-6053

IBM Db2 is affected by CVE-2026-6053: denial of service when a specially crafted query runs against range-partitioned tables. Affected: Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.4. CVSS v3.1 base score 5.5 (LOCAL attack, low complexity, high impact on availability). Root cause: CWE-770 (unbounded ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/27 1:9 p.m., 6 views

CVE-2026-6052 IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...

CVSS 6.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1

EUVD
added 2026/05/27 1:9 p.m., 6 views

EUVD-2026-32489

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...

CVSS 6.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1

CVE
added 2026/05/27 1:7 p.m., 8 views

CVE-2026-6051

CVE-2026-6051 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. The vulnerability is a denial of service caused by executing a specially crafted query that consumes the statement heap. Impact is a high availability concern for affected Db2 client and server installations. IBM’s bulletin confirms a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/27 1:7 p.m., 31 views

CVE-2026-6051 IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

CVSS 5.5 | EPSS 0.00035
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43977

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when executing a specially crafted query with a small statement heap. A statement heap is a memory area used by the databas...

CVSS 7.5 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-43695

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when autonomous transactions are enabled. This is triggered by the execution of a specially crafted query. Recommendations ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00044
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/26 3:46 p.m., 9 views

CVE-2025-13755

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/26 12:0 a.m., 7 views

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

CVSS 5.5 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/22 4:26 p.m., 3 views

CVE-2026-28735

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

CVSS 5.4 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/22 10:28 a.m., 6 views

EUVD-2026-31431

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications which allows an authenticated user to crash the server via timing the creation of persistent notification message between the server deleting...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1

Cvelist
added 2026/05/22 10:22 a.m., 16 views

CVE-2026-5740 Unauthenticated WebSocket binary frame causes denial of service in Mattermost Server

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

CVSS 7.5 | EPSS 0.00106
Exploits: 0 | References: 1

CNNVD
added 2026/05/22 12:0 a.m., 3 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

CVSS 7.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/05/21 3:37 p.m., 6 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap (CVE-2026-6051)

Summary IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. Vulnerability Details CVEID:CVE-2026-6051 DESCRIPTION: IBM Db2 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

CVSS 7.5 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:36 p.m., 4 views

Security Bulletin: IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables (CVE-2026-6052)

Summary IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables. Vulnerability Details CVEID:CVE-2026-6052 DESCRIPTION: IBM Db2 is vulnerable to running out of memory when executing certain queries with MDC tables. CVSS Source: IBM CVSS Base score: 6.5 CVSS...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

CNNVD
added 2026/05/21 12:0 a.m., 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x have security vulnerabilities. These vulnerabilities stem from a failure to verify the team-level operating permissions for target teams,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 1

Cvelist
added 2026/05/20 5:51 p.m., 24 views

CVE-2026-2813 Unvalidated Redirect in ArcGIS Server

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVSS 4.7 | EPSS 0.00044
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/20 5:51 p.m., 7 views

CVE-2026-2813

ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

CVSS 4.7 | AI score 5.6 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1

Rosalinux
added 2026/05/19 1:22 p.m., 10 views

Advisory ROSA-SA-2026-3269

software: angie 1.11.5 AXIS: ROSA-CHROME unaffected versions = angie-1.11.5-1 affected versions angie-1.11.5-1 CVE-ID: CVE-2026-42945 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A heap buffer overflow vulnerability in the ngx_http_rewrite_module NGINX Plus and NGINX Open Source module allows an...

CVSS 9.2 | AI score 6.6 | EPSS 0.00897
Exploits: 34