
56243 matches found

IBM Security Bulletins
added 2026/02/18 4:5 p.m., 14 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary: IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8 and is affected by multiple vulnerabilities: CVE-2026-21945, CVE-2026-21932, CVE-2026-21933 and CVE-2026-21925. Vulnerability Details: CVEID: CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...

7.5 CVSS | 5.7 AI score | 0.00547 EPSS
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2026/02/18 1:40 a.m., 8 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

8.8 CVSS | 6 AI score | 0.00478 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/02/18 12:0 a.m., 4 views

sms-ssm authorization issue vulnerability

SMS-SSM is a student management system personally developed by HackHuang. There are authorization-related vulnerabilities in SMS-SSM; these vulnerabilities stem from improper authorization in the preHandle function within the LoginInterceptor.java file...

6.5 CVSS | 6.6 AI score | 0.00272 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2026/02/17 7:52 p.m., 3 views

CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/02/17 7:52 p.m., 27 views

CVE-2025-27898 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...

6.3 CVSS | 0.00154 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:52 p.m., 17 views

CVE-2025-27898

CVE-2025-27898 affects IBM DB2 Recovery Expert for LUW, version 5.5 Interim Fix 002. The issue is that sessions are not invalidated after a timeout, which could allow an authenticated user to impersonate another user on the system. Root cause is a lack of session invalidation after inactivity. Im...

6.3 CVSS | 5.5 AI score | 0.00154 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/17 7:50 p.m., 25 views

CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

5.3 CVSS | 0.00197 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/17 7:50 p.m., 3 views

CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

5.3 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:50 p.m., 18 views

CVE-2025-27899

CVE-2025-27899 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Connected sources confirm that sensitive information is disclosed via an environment variable, which could aid in subsequent attacks. The NVD/IBM metadata lists CVSSv3.1 metrics (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) with ...

5.3 CVSS | 5.4 AI score | 0.00197 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/17 7:48 p.m., 6 views

CVE-2025-27900 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...

6.8 CVSS | 5.6 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:48 p.m., 14 views

CVE-2025-27900

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is affected by an open redirect vulnerability that could allow a remote attacker to perform phishing by spoofing the URL and redirecting users to a malicious site. Affected component: DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Underlying i...

6.8 CVSS | 5.5 AI score | 0.00137 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/17 7:35 p.m., 12 views

CVE-2025-27901

CVE-2025-27901 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. The vulnerability stems from improper validation of input in the HOST header, enabling HTTP header injection. This could allow an attacker to perform cross-site scripting, cache poisoning, or session hijacking against the...

6.5 CVSS | 5.4 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/17 7:32 p.m., 26 views

CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9 CVSS | 0.00133 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/17 7:32 p.m., 4 views

CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

5.9 CVSS | 5.5 AI score | 0.00133 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:32 p.m., 13 views

CVE-2025-27903

CVE-2025-27903 affects IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002. Affected component is the Recovery Expert for Linux/UNIX/Windows; the underlying issue is transmission of data over a cleartext channel, enabling potential MITM interception to obtain sensitive information. The accompanyi...

5.9 CVSS | 5.5 AI score | 0.00133 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/17 7:30 p.m., 5 views

CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

6.5 CVSS | 5.4 AI score | 0.00112 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/02/17 7:30 p.m., 26 views

CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

6.5 CVSS | 0.00112 EPSS
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:30 p.m., 12 views

CVE-2025-27904

CVE-2025-27904: IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 is vulnerable to cross-site request forgery (CSRF), allowing an attacker to perform malicious and unauthorized actions transmitted from a trusted user. The issue affects IBM Db2 Recovery Expert for Linux, UNIX and Windows and is...

6.5 CVSS | 5.5 AI score | 0.00112 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2026/02/17 4:23 p.m., 172 views

Exploit for Path Traversal in Owasp Enterprise_Security_Api

Enterprise Security API for Java Legacy !...

9.8 CVSS | 5.8 AI score | 0.02674 EPSS
Exploits: 2

IBM Security Bulletins
added 2026/02/17 4:4 p.m., 10 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 and CVE-2026-1188. Vulnerability Details: CVEID: CVE-2026-21945 DESCRIPTION: Java SE is...

9.8 CVSS | 6.2 AI score | 0.00547 EPSS
Exploits: 1 | Affected Software: 1