Lucene search
K

672 matches found

CVE
CVE
added 5 days ago20 views

CVE-2026-55170

OpenFGA Open Source CVE-2026-55170 affects the MySQL datastore when decisions rely on case-sensitive user strings. The tuple, changelog, and authorization_model identifier columns can treat case-distinct values (e.g., user:Alice vs user:alice) as equivalent, potentially causing two distinct check...

5.4CVSS5.9AI score0.00341EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2026/06/30 7:42 p.m.6 views

EUVD-2026-40393

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:42 p.m.45 views

CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:42 p.m.6 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:42 p.m.22 views

CVE-2026-11906

CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-53847

Name of the Vulnerable Software and Affected Versions DBIx::QuickORM versions prior to 0.000026 Description An issue exists where SQL identifiers are emitted verbatim into generated queries without proper quoting or escaping. This occurs because the default SQL builder, a SQL::Abstract subclass,...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.17 views

IBM DB2 Multiple Vulnerabilities (7277424, 7277423, 7277417) (Windows)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables. CVE-2025-36372 - IBM Db2 is...

9.8CVSS6.5AI score0.0086EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:34 p.m.6 views

CVE-2026-47378

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 8:34 p.m.19 views

CVE-2026-47378

CVE-2026-47378 concerns NocoDB, where before 2026.04.1 public shared-view endpoints could expose hidden-column values through three paths: (1) groupBy could return raw values for any column named in the request, (2) filter and sort arrays operated on hidden columns allowed boolean-blind extractio...

6.9CVSS6AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 8:34 p.m.27 views

CVE-2026-47378 NocoDB: Hidden Column Exposure in Public Shared View Endpoints

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on...

6.9CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:18 p.m.21 views

CVE-2026-47279

NocoDB's CVE-2026-47279 describes an Access Control problem in public shared-view relation endpoints (LTAR columns). Before patch 2026.05.1, endpoints accepted a caller-supplied column ID without verifying the column’s visibility, allowing anyone with a share UUID to read links from hidden LTAR c...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:18 p.m.5 views

CVE-2026-47279

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on t...

6.9CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 7:56 p.m.5 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user (CVE-2026-11906)

Summary IBM® Db2® federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...

6.5CVSS5.9AI score0.0042EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/12 12:0 p.m.14 views

Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...

5.3AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/12 12:0 p.m.26 views

RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...

6.9CVSS5.4AI score
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.29 views

VMware Spring Security 代码问题漏洞

VMware Spring Security is a security framework provided by the American company VMware, designed to provide descriptive security protection for Spring-based applications. Versions of VMware Spring Security from 7.0.0 to 7.0.5 have code vulnerabilities. These vulnerabilities stem from attackers wh...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.12 views

cve-2026-40993 - HIGH - Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

cve-2026-40993 - HIGH - Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry...

7.3CVSS6.1AI score0.00198EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.14 views

CVE-2026-7654

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.10 views

EUVD-2026-34922

The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of unserialize without an allowedclasses restriction in the IdsToCollection::getidsfromstring function, which processes...

8.8CVSS6.6AI score0.00652EPSS
Exploits1References11
Rows per page
Query Builder