82324 matches found
PT-2026-20232
Name of the Vulnerable Software and Affected Versions: IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002. Description: The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...
PT-2026-20227
Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 11.5.0 through 11.5.9; IBM Db2 versions 12.1.0 through 12.1.3. Description: An authenticated user may be able to cause a denial of service due to improper neutralization of special elements in data query logic. Recommendations...
datart security vulnerability
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from allowing authenticated attackers to access sensitive data through custom H2 JDBC connection strings, resulting in...
PT-2026-20242
Name of the Vulnerable Software and Affected Versions: IBM DB2 Merge Backup versions 12.1.0.0. Description: An authenticated user can cause IBM DB2 Merge Backup to crash due to a buffer overflow when a buffer is allocated on the stack and subsequently overwritten. Recommendations: At the moment, ther...
PT-2026-20266
Name of the Vulnerable Software and Affected Versions: Datart version 1.0.0-rc.3. Description: An information exposure issue exists in Datart version 1.0.0-rc.3. Authenticated attackers can potentially access sensitive data through a custom H2 JDBC connection string. The issue involves the potential...
IBM DB2 Recovery Expert cross-site request forgery vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert has a cross-site request forgery vulnerability. This vulnerability is susceptible to cross-site request forgery attacks, potentially allowing attackers to perform malicious and unauthoriz...
IBM DB2 Recovery Expert security vulnerability
IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 002 of IBM DB2 Recovery Expert contains a security vulnerability, which stems from improper input validation of the HOST header. This vulnerability may lead to cross-site scripting, cache poisoning, or session hijacking...
datart security vulnerability
Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...
IBM Db2 security vulnerability
IBM Db2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Versions 11.5.0 to 11.5.9, as well as 12.1.0 to 12.1.3 of IBM Db2, have security vulnerabilities. These vulnerabilitie...
PT-2026-20224
Name of the Vulnerable Software and Affected Versions: IBM DB2 Merge Backup for Linux, UNIX and Windows version 12.1.0.0. Description: A flaw exists in IBM DB2 Merge Backup for Linux, UNIX and Windows version 12.1.0.0 where a buffer does not properly clear resources, potentially allowing an attacker...
IBM DB2 Merge Backup security vulnerability
IBM DB2 Merge Backup is a database-assisted backup tool developed by IBM. Version 12.1.0.0 of IBM DB2 Merge Backup contains a security vulnerability. This vulnerability stems from an error in calculating buffer sizes, which could allow authenticated users to cause the program to crash...
CVE-2026-2452
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
ExploitPwned
ExploitPwned Exploit Database ExploitDB is an archive of exp...
CVE-2026-2451 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2415 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
pretix security vulnerability
Pretix is a ticketing software developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from two security-related flaws in the placeholder mechanism. It is possible for malicious placeholders to reveal system configuration information, including databa...
pretix security vulnerability
Pretix is a ticketing software developed by the German company Pretix. Pretix has a security vulnerability, which stems from a security-related flaw in the placeholder mechanism. This flaw may allow system configuration information to be disclosed through specially crafted placeholder names,...
WordPress PhotoStack Gallery plugin <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter vulnerability
Unauthenticated SQL Injection via 'postid' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PhotoStack Gallery versions <= 0.4.1...
CVE-2019-25367 ArangoDB Community Edition 3.4.2-1 XSS via aardvark admin interface
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface index.html through search, user management, and API parameters. Attackers can inject scripts via parameters in /db/system/admin/aardvark/index.html to execute JavaScript i...
CVE-2026-2024
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...