1026 matches found
CVE-2026-21671
Veeam Backup & Replication in high availability deployments is affected by CVE-2026-21671. An authenticated user with the Backup Administrator role can perform remote code execution. CVSS v3.1 base score is 9.1 (CRITICAL) , with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H; impact is HIGH ...
PT-2026-24957
CVE: CVE-2026-21671 PT-Identifier: PT-2026-24957 Vendor: Veeam Product: Software Appliance CVSS: 9.1 Credits: n/a Description: A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution RCE in high availability HA deployments of Veeam Backup...
Veeam Backup And Recovery 安全漏洞
Veeam Backup and Recovery is a data backup, recovery, and replication software developed by the American company Veeam. Veeam Backup and Recovery has a security vulnerability that stems from allowing authenticated users with the role of backup administrators to execute remote code execution in...
CVE-2025-20096
CVE-2025-20096 involves improper input validation in the UEFI firmware for some Intel Reference Platforms, allowing escalation of privilege. The Red Hat, NVD, Intel advisory and EUVD records describe local access, high attack requirements, and user interaction as prerequisites, with potential imp...
CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)
Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...
CVE-2025-36425
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
CVE-2025-36425
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
CVE-2025-36425
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
CVE-2025-36425 IBM Db2 Information Disclosure
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
CVE-2025-36425
CVE-2025-36425 is an IBM Db2 information-disclosure issue affecting IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.5.0–11.5.9 and 12.1.0–12.1.3. The vulnerability allows an authenticated user to obtain sensitive information under specific HADR configurations, per I...
PT-2026-20253
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows servers. Versions of IBM Db2 prior to 11.5.9 and 12.1.3 contain security vulnerabilities. These vulnerabilities stem from specific HADR...
CVE-2025-32003
Out-of-bounds read in the firmware for some 100GbE IntelR Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of servic...
RLSA-2026:1241 Important: resource-agents security update
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Security Fixes: urllib3: urllib3: Unbounded decompression chain leads to resource...
Oracle Linux 10 : pcs (ELSA-2026-2438)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2438 advisory. 0.12.1-1.el101.2 - Fixed CVE-2025-13465 by updating pcs-web-ui to 0.1.23.1 Resolves: RHEL-144292 Tenable has extracted the preceding description block directly...
CVE-2025-32003
Out-of-bounds read in the firmware for some 100GbE IntelR Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of servic...
CVE-2025-31944
CVE-2025-31944 concerns a race condition in certain Intel TDX Module implementations prior to tdx1.5, within Ring 0 hypervisor code. The issue may allow a denial of service when a privileged local attacker with high complexity performs a deliberate race condition under local access, with no user ...
CVE-2025-27560
Loop with unreachable exit condition 'infinite loop' for some IntelR Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local acces...
CVE-2025-27560
CVE-2025-27560 describes an infinite loop in certain Intel Platform components operating in Ring 0, enabling a local privileged user to cause a denial of service with no user interaction. The impact is limited to availability (high) while confidentiality and integrity remain unaffected per the pr...
CVE-2025-24851
Uncaught exception in the firmware for some 100GbE IntelR Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...