Lucene search
+L

2898 matches found

CVE
CVE
added 2 days ago10 views

CVE-2026-14501

CVE-2026-14501 affects IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0. The root cause is the use of potentially dangerous functions without sufficient restrictions, which could allow an attacker to execute arbitrary code or obtain sensitive information. According to the CVSS v3.1 metri...

4.3CVSS6AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7771 IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service...

5.5CVSS0.00148EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-9762

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS0.00165EPSS
Exploits0References1
CVE
CVE
added 2 days ago16 views

CVE-2026-9762

CVE-2026-9762 affects IBM Db2 Client components: the IBM Data Server Driver for JDBC and SQLJ. A remote code execution (RCE) exists when the JDBC URL is under user control. Affected products/versions: Db2 client 11.5.0–11.5.9 and 12.1.0–12.1.4. Root cause identified as CWE-94 (Improper Code Gener...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60835

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/10 6:10 p.m.9 views

Security Bulletin: IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control (CVE-2026-9762)

Summary IBM® Db2® is vulnerable to remote code execution when jdbc url is under user control. Vulnerability Details CVEID:CVE-2026-9762 DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control. CWE:CWE-94: Improper Control of...

7.8CVSS6.5AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 4:16 p.m.47 views

Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...

9.8CVSS6.6AI score0.0086EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/30 8:17 p.m.9 views

CVE-2026-10109

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS0.0086EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:3 p.m.7 views

EUVD-2025-210373

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...

5.5CVSS5.7AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:3 p.m.46 views

CVE-2025-36372 IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...

5.5CVSS0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:2 p.m.6 views

CVE-2026-10109

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 8:2 p.m.159 views

CVE-2026-10109

CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:2 p.m.51 views

CVE-2026-10109 IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS0.0086EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:42 p.m.48 views

CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:42 p.m.6 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:42 p.m.27 views

CVE-2026-11906

CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-53966

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can cause a denial of service due to improper neutralization of special elements within the data query logic of XMLTable-derived...

6.5CVSS6AI score0.0042EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:6 a.m.20 views

Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...

10CVSS7.9AI score0.38701EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:16 p.m.18 views

Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...

7.5CVSS6AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 7:50 p.m.9 views

Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.

Summary IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote us...

9.8CVSS7.5AI score0.01125EPSS
Exploits7Affected Software1
Rows per page
Query Builder