29 matches found
UBUNTU-CVE-2026-3856
IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all...
PT-2026-25954
CVE-2026-3856 IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integ… https://t.co/3y33wLJj0n...
WeGIA operating system command injection vulnerability
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained an operating system command injection vulnerability. This vulnerability stemmed from the improper handling of special backup file names by the database recovery function,...
CVE-2025-27904
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-27898
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-27899
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
IBM DB2 Recovery Expert security vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert contains a security vulnerability, which stems from improper input validation of the HOST header. This vulnerability may lead to cross-site scripting, cache poisoning, or session hijacking...
IBM DB2 Recovery Expert code issue vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. There are code-related vulnerabilities in IBM DB2 Recovery Expert; these vulnerabilities arise from failing to invalidate sessions after timeouts, which may lead to identity impersonation attacks...
IBM DB2 Recovery Expert cross-site request forgery vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert has a cross-site request forgery vulnerability. This vulnerability is susceptible to cross-site request forgery attacks, potentially allowing attackers to perform malicious and unauthoriz...
PT-2026-20232
Name of the Vulnerable Software and Affected Versions: IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002. Description: The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...
IBM Db2 security vulnerability
IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a security vulnerability. This vulnerability...
IBM DB2 Recovery Expert security vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. The version IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 contains a security vulnerability. This vulnerability arises from the transmission of data through plaintext communication channels, which may allow attackers to...
CVE-2022-45186
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database...
CVE-2022-21511
Vulnerability in the Oracle Database - Enterprise Edition Recovery component of Oracle Database Server. For supported versions that are affected see note. Easily exploitable vulnerability allows high privileged attacker having EXECUTE ON DBMSIR.EXECUTESQLSCRIPT privilege with network access via...
CVE-2022-45186
CVE-2022-45186 affects SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field from the database, indicating a data exposure vulnerability. CVSSv3.1 base score 8.1 (HIGH) with network attack vector, low privileges, no user interaction needed, and with confidentiality/integrity impacts...
CVE-2024-23580 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs)
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values...