Lucene search
K

90 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/30 9:27 p.m.4 views

CVE-2025-36365

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a...

6.8CVSS6AI score0.00261EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/30 9:27 p.m.32 views

CVE-2025-36365 IBM Db2 Privilege Escalation

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a...

6.8CVSS0.00261EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:14 p.m.7 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configuration of cataloged remote storage aliases (CVE-2025-36365)

Summary IBM® Db2® under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. Vulnerability Details CVEID:CVE-2025-36365 DESCRIPTION: IBM Db2 for Linux...

7.5CVSS6.1AI score0.00261EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.6 views

PT-2026-5452

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description An authenticated user may be able to...

6.8CVSS6AI score0.00261EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/30 12:0 a.m.8 views

IBM Db2 security vulnerabilities

IBM Db2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Versions 11.5.0 to 11.5.9, as well as 12.1.0 to 12.1.3 of IBM Db2, have security vulnerabilities. These vulnerabilitie...

7.5CVSS6AI score0.00261EPSS
Exploits0References3
OSV
OSV
added 2026/01/05 11:50 p.m.6 views

MAL-2026-923 Malicious code in auto-backup-linux (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6f1fce241db64e9804a2eee083721b8374a2f27d8f4f2c51ce77a8e7687c61e Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where...

5.7AI score
Exploits0References10
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.8 views

WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability

Cross-Site Request Forgery in XclonerRemoteStorage:save vulnerability discovered by Rafshanzani Suhada in WordPress Plugin XCloner versions = 4.8.2...

4.3CVSS5.9AI score0.00106EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability

Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions 2.5.3...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/05 1:55 a.m.4 views

CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

4.3CVSS4.9AI score0.00106EPSS
Exploits0References2
CVE
CVE
added 2025/12/05 1:55 a.m.13 views

CVE-2025-11759

CVE-2025-11759 affects the WordPress plugin “Backup, Restore and Migrate your sites with XCloner” (versions up to and including 4.8.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the Xcloner_Remote_Storage:save() function, enabling unauthenticate...

4.3CVSS4.9AI score0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 1:55 a.m.34 views

CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

4.3CVSS0.00106EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.10 views

PT-2025-49185

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner Remote Storage:save function. This makes it possible for...

4.3CVSS5.3AI score0.00106EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-16226

Malware in sbrugna...

4.4CVSS5AI score0.01064EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11906

Malware in sbrugna...

6.1CVSS6.3AI score0.01213EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/19 6:30 p.m.5 views

CVE-2025-59339

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...

4.4CVSS6.9AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.5 views

CVE-2024-23685

Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types...

5.3CVSS5.5AI score0.00523EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 a.m.5 views

CVE-2011-3462

Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803...

5CVSS5.9AI score0.01698EPSS
Exploits0References1
Fedora
Fedora
added 2025/01/24 1:32 a.m.14 views

[SECURITY] Fedora 40 Update: git-lfs-3.6.1-1.fc40

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server...

8.5CVSS6.7AI score0.0104EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/08 9:3 p.m.13 views

Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers...

6.3CVSS7.1AI score0.00708EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/01/08 9:3 p.m.9 views

GHSA-J3F9-P6HM-5W6Q Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Impact Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers...

6.3CVSS6.5AI score0.00708EPSS
Exploits0References5
Rows per page
Query Builder