CVE-2025-36375

IBM DataPower Gateway CVE-2025-36375 is a CSRF vulnerability (CWE-352) that can allow an attacker to perform unauthorized actions in a user’s browser. Affected products and versions include: DataPower Gateway 10.6CD (10.6.1.0–10.6.5.0), 10.5.0 (10.5.0.0–10.5.0.20), and 10.6.0 (10.6.0.0–10.6.0.8)....

GHSA-424H-XJ87-M937 Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

CVE-2025-54499 Insecure string comparison enables timing attacks

Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Cloud API keys and OAuth client secrets...

CVE-2025-9084 Open redirect in OAuth login

Mattermost versions 10.5.x = 10.5.9 fail to properly validate redirect URLs which allows attackers to redirect users to malicious sites via crafted OAuth login URLs...

Mattermost Server SSRF Vulnerability via the Agents Plugin

Mattermost Server versions 10.5.x = 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.5.7 and prior 10.5.x, 9.11.16 and prior 9.11.x. The vulnerability stems from a failure to negotiate a new token when accepting an invitation,...

PT-2024-4311 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to a denial of service that may occur when a specially crafted query is used on certain columnar tables by an...

PT-2024-4310 · Ibm · Db2 Connect Server +1

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to the management of database systems, specifically IBM DB2 and IBM DB2 Connect Server, which are vulnerable to...

CVE-2023-49101

WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates...

CVE-2023-27867

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this...

CVE-2022-34424

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans...

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...

CVE-2021-39076

IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585...

IBM DB2 Denial of Service Vulnerability (CNVD-2020-73751)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM DB2 9.7, 10.1, 10.5, 11.1, 11.5. A local attacker can...

IBM Security Guardium Encryption Problem Vulnerability (CNVD-2020-45116)

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium versions 10.5...

IBM DB2 Denial of Service Vulnerability (CNVD-2020-13053)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2 versions V10.5, V11.1, and V11.5. An attacker can...

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

CVE-2018-1711

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369...

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...