1512 matches found
CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-27904
CVE-2025-27904 : IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF), allowing an attacker to perform malicious and unauthorized actions transmitted from a trusted user. The issue affects IBM Db2 Recovery Expert for Linux, UNIX and Windows and is...
PT-2026-20234
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to HTTP header injection due to insufficient input validation of the HOST headers. This flaw potentially enables...
PT-2026-20231
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software does not invalidate sessions after a timeout. This could allow an authenticated user to impersonate another user on the system. Recommendations At the moment,...
PT-2026-20236
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to a cross-site request forgery condition. This could allow an attacker to perform unauthorized actions on behal...
PT-2026-20233
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software contains a flaw that could enable a remote attacker to carry out phishing attacks through an open redirect. A crafted website can be used to exploit this issu...
PT-2026-20232
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...
PT-2026-20235
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX, and Windows transmits data over a cleartext communication channel. This could allow an attacker to intercept sensitive information...
IBM DB2 Recovery Expert 跨站请求伪造漏洞
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert has a cross-site request forgeing vulnerability. This vulnerability is susceptible to cross-site request forgery attacks, potentially allowing attackers to perform malicious and unauthoriz...
IBM DB2 Recovery Expert 安全漏洞
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. The version IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 contains a security vulnerability. This vulnerability arises from the transmission of data through plaintext communication channels, which may allow attackers to...
IBM Db2 输入验证错误漏洞
IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a vulnerability related to input validation...
Automatic Simplification of Common Vulnerabilities and Exposures Descriptions
Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus on investigating how large language models LLMs could be...
SecCodePRM: A Process Reward Model for Code Security
Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...
CVE-2020-37139 Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...
PT-2026-6582
Name of the Vulnerable Software and Affected Versions Odin Secure FTP Expert version 7.6.3 Description The software contains a local denial of service issue that allows attackers to crash the application by manipulating site information fields. An attacker can trigger a buffer overflow by pasting...
Schneider Electric EcoStruxure Process Expert security vulnerabilities
Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...
PT-2026-4356
Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...
CVE-2021-47780
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permission...
CVE-2021-47780
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permission...
Macro Expert code issue vulnerabilities
Macro Expert is a robotics process automation software developed by Macro Expert Corporation. Version 4.7 of Macro Expert contains a code vulnerability; this vulnerability stems from service paths that are not enclosed in quotes, which may allow for the execution of arbitrary code...