51 matches found
CVE-2026-1718
IBM Db2 is vulnerable to a denial of service when autonomous transactions are enabled, affecting Db2 Server releases 11.5.0–11.5.9 and 12.1.0–12.1.4. The root cause is CWE-770 (Allocation of Resources Without Limits or Throttling). A specially crafted query can trigger the issue. Remediation invo...
EUVD-2026-30746
Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to, which allows a user who is a member of multiple groups to create issues in a locked group via direct API requests. Mattermost Advisory ID:...
UBUNTU-CVE-2026-22248
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...
Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities
Summary: IBM Security Verify Governance (ISVG), now re-branded as IBM Verify Identity Governance (IVIG), uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the...
CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
EUVD-2026-5640
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050 Zulip affected by Stored XSS in user profile modal
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
Esri ArcGIS Server code issue vulnerability
Esri ArcGIS Server is a web-oriented enterprise software platform available for providing geolocation services from Esri. A code issue vulnerability exists in Esri ArcGIS Server 11.5 and prior versions that stems from not properly validating an uploaded file, which could result in the upload of a...
CVE-2024-35152
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639...
CVE-2023-30987
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440...
CVE-2023-30446
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
CVE-2021-46330
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat...
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batchmanager=unit...
gcc security update
11.5.0-5.0.1 - Merge Oracle patches to 11.5.0-5. Oracle history:...
IBM Db2 log information disclosure vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system is executed on UNIX, Linux, IBM i, z/OS, and Windows server versions. A log information disclosure vulnerability exists in IBM Db2 version 11.5, which stems from the fact that under certain...
CVE-2023-30443
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query...
PT-2024-10213 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) version 11.5. Description: The issue is related to an information disclosure vulnerability. Sensitive information may be included in a log file under specific conditions,...
PT-2024-12763 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) versions 10.5, 11.1, and 11.5. Description: The issue concerns sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. This affects the specified versions of...