CVE-2026-42797

CVE-2026-42797 (Apache Syncope) exposes a data-query related information disclosure via a misconfigured JEXL expression. An administrator with entitlements for Derived Schemas can craft a malicious JEXL expression that, if the requester also has User-read privileges, may access security-sensitive...

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...

CVE-2026-21836

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

EUVD-2026-31117

The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-elasticsearch-store is a Spring AI Elasticsearch Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

Cockpit 安全漏洞

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit prior to 2.13.5 contained security vulnerabilities, which were caused by improper neutralization of special elements in the data query logic handled by the Asset Handler/Aggregate Handler...

[SECURITY] Fedora 44 Update: task-3.4.2-3.fc44

Taskwarrior is a command-line TODO list manager. It is flexible, fast, efficient, unobtrusive, does its job then gets out of your way. Taskwarrior scales to fit your workflow. Use it as a simple app that captures tasks, shows you the list, and removes tasks from that list. Leverage its capabiliti...

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVE-2025-13867 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2025-14689 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

UBUNTU-CVE-2025-36423

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

PT-2026-5453

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description The software may allow a local user to...

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

Cisco Nexus 3000 9000 Series Switches Protocol Independent Multicast Version 6 DoS (cisco-sa-nxospc-pim6-vG4jFPh)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticate...

EUVD-2024-51469

Malicious code in bioql PyPI...

EUVD-2025-17753

Malicious code in bioql PyPI...

EUVD-2025-18301

Malicious code in bioql PyPI...

CVE-2025-20262

A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...

CVE-2025-20262

CVE-2025-20262 affects Cisco Nexus 3000/9000 NX-OS standalone in PIM6. The issue arises from improper processing of PIM6 ephemeral data queries, allowing an authenticated, low-privileged remote attacker to crash the PIM6 process and cause DoS via adjacency flaps and DoS of PIM6/ephemeral query pr...