Lucene search
K

1512 matches found

Vulnrichment
Vulnrichment
added 2026/02/17 7:30 p.m.5 views

CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

6.5CVSS5.4AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 7:30 p.m.12 views

CVE-2025-27904

CVE-2025-27904 : IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF), allowing an attacker to perform malicious and unauthorized actions transmitted from a trusted user. The issue affects IBM Db2 Recovery Expert for Linux, UNIX and Windows and is...

6.5CVSS5.5AI score0.00112EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-20234

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to HTTP header injection due to insufficient input validation of the HOST headers. This flaw potentially enables...

6.5CVSS5.4AI score0.00168EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20231

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software does not invalidate sessions after a timeout. This could allow an authenticated user to impersonate another user on the system. Recommendations At the moment,...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20236

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to a cross-site request forgery condition. This could allow an attacker to perform unauthorized actions on behal...

6.5CVSS5.3AI score0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20233

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software contains a flaw that could enable a remote attacker to carry out phishing attacks through an open redirect. A crafted website can be used to exploit this issu...

6.8CVSS5.8AI score0.00137EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.6 views

PT-2026-20232

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.5 views

PT-2026-20235

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX, and Windows transmits data over a cleartext communication channel. This could allow an attacker to intercept sensitive information...

5.9CVSS5.4AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.7 views

IBM DB2 Recovery Expert 跨站请求伪造漏洞

IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert has a cross-site request forgeing vulnerability. This vulnerability is susceptible to cross-site request forgery attacks, potentially allowing attackers to perform malicious and unauthoriz...

6.5CVSS5.7AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.8 views

IBM DB2 Recovery Expert 安全漏洞

IBM DB2 Recovery Expert is a database recovery tool developed by IBM. The version IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 contains a security vulnerability. This vulnerability arises from the transmission of data through plaintext communication channels, which may allow attackers to...

5.9CVSS5.8AI score0.00133EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.6 views

IBM Db2 输入验证错误漏洞

IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a vulnerability related to input validation...

6.8CVSS5.8AI score0.00137EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.1 views

Automatic Simplification of Common Vulnerabilities and Exposures Descriptions

Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus on investigating how large language models LLMs could be...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.14 views

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.4 views

CVE-2020-37139 Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Service

Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the applicatio...

8.4CVSS5.7AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6582

Name of the Vulnerable Software and Affected Versions Odin Secure FTP Expert version 7.6.3 Description The software contains a local denial of service issue that allows attackers to crash the application by manipulating site information fields. An attacker can trigger a buffer overflow by pasting...

8.4CVSS5.8AI score0.00184EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.8 views

Schneider Electric EcoStruxure Process Expert security vulnerabilities

Schneider Electric EcoStruxure Process Expert is a next-generation process automation system developed by Schneider Electric of France. It is used for designing, operating, and maintaining entire factories. Schneider Electric EcoStruxure Process Expert has a security vulnerability. This...

7CVSS5.8AI score0.00103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.10 views

PT-2026-4356

Name of the Vulnerable Software and Affected Versions Schneider Electric EcoStruxure Process Expert versions prior to 2025 Description An incorrect default permissions issue can lead to privilege escalation via a reverse shell. A local user with normal privileges can modify executable service...

7CVSS5.9AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 12:16 a.m.5 views

CVE-2021-47780

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permission...

7.8CVSS6AI score0.00223EPSS
Exploits1References3
NVD
NVD
added 2026/01/16 12:16 a.m.5 views

CVE-2021-47780

Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permission...

8.5CVSS0.00223EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.7 views

Macro Expert code issue vulnerabilities

Macro Expert is a robotics process automation software developed by Macro Expert Corporation. Version 4.7 of Macro Expert contains a code vulnerability; this vulnerability stems from service paths that are not enclosed in quotes, which may allow for the execution of arbitrary code...

8.5CVSS6.1AI score0.00223EPSS
Exploits1References3
Rows per page
Query Builder