8743 matches found

CVE
added 2026/02/17 5:13 p.m., 15 views

CVE-2025-13867

CVE-2025-13867 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.3. An authenticated user can trigger a denial of service due to improper neutralization of special elements in data query logic. The connected IBM bulletins confirm DoS risk (and re...

CVSS 6.5, AI score 5.5, EPSS 0.00233
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/17 1:47 p.m., 26 views

CVE-2026-23861

Dell Unisphere for PowerMax vApp, versions 9.2.4.x, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML o...

CVSS 5.4, EPSS 0.00159
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/02/17 8:0 a.m., 11 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. (CVE-2025-36407)

Summary: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details: CVEID: CVE-2025-36407. DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

CVSS 6.5, AI score 5.5, EPSS 0.00275
Exploits: 0, Affected Software: 1

Positive Technologies
added 2026/02/17 12:0 a.m., 15 views

PT-2026-20223

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

CVSS 4, AI score 5.5, EPSS 0.00108
Exploits: 0, References: 2

OSV
added 2026/02/16 4:31 p.m., 4 views

BIT-GITLAB-2026-1282 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles...

CVSS 5.4, AI score 5.6, EPSS 0.00162
Exploits: 0, References: 4

GithubExploit
added 2026/02/15 1:6 a.m., 151 views

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

No d...

CVSS 10, AI score 5.4, EPSS 0.95343
Exploits: 23

RedhatCVE
added 2026/02/13 1:22 p.m., 6 views

CVE-2025-13002

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

CVSS 8.2, AI score 5.4, EPSS 0.00215
Exploits: 0, References: 1

Snyk
added 2026/02/12 8:56 p.m., 3 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the columns output mode, which renders string fields from eBPF events to the terminal without sanitizing control characters or ANSI escape sequences. An attacker can manipulate terminal behavior or display by...

CVSS 9.8, AI score 5.6, EPSS 0.0056
Exploits: 1, References: 2

OSV
added 2026/02/12 2:16 p.m., 4 views

CVE-2025-13002

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting XSS. This issue affects E-Commerce Package: through 27112025...

CVSS 6.1, AI score 5.8
Exploits: 0, References: 1

Cvelist
added 2026/02/12 12:50 p.m., 28 views

CVE-2025-10969 SQLi in Farktor Software's E-Commerce Package

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection. This issue affects E-Commerce Package: through 27112025...

CVSS 9.8, EPSS 0.00345
Exploits: 0, References: 2

Positive Technologies
added 2026/02/12 12:0 a.m., 4 views

PT-2026-7841

Name of the Vulnerable Software and Affected Versions: Farktor Software E-Commerce Services Inc. E-Commerce Package versions through 27112025. Description: An Improper Neutralization of Input During Web Page Generation issue exists in Farktor Software E-Commerce Services Inc. E-Commerce Package,...

CVSS 8.2, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 7

RedhatCVE
added 2026/02/11 7:44 p.m., 2 views

CVE-2026-21516

Improper neutralization of special elements used in a command 'command injection' in Github Copilot allows an unauthorized attacker to execute code over a network...

CVSS 8.8, AI score 5.8, EPSS 0.0081
Exploits: 0, References: 1

SUSE Linux
added 2026/02/11 9:30 a.m., 5 views

Security update for apptainer

This update for apptainer fixes the following issues: Security fixes: CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 CVE-2025-65105: Fixed security bypass due to disabling security options bsc1255462 CVE-2025-47914: Fixed malformed constraint may...

CVSS 8.7, AI score 5.6, EPSS 0.00868
Exploits: 3, References: 38

Vulnrichment
added 2026/02/11 8:1 a.m., 3 views

CVE-2025-10913 XSS in saastech.io's TemizlikYolda

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting XSS. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about thi...

CVSS 8.3, AI score 5.4, EPSS 0.00257
Exploits: 0, References: 2

Cvelist
added 2026/02/11 8:1 a.m., 22 views

CVE-2025-10913 XSS in saastech.io's TemizlikYolda

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting XSS. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted early about thi...

CVSS 8.3, EPSS 0.00257
Exploits: 0, References: 2

CNVD
added 2026/02/11 12:0 a.m., 3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14676)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

CVSS 6.5, AI score 6.9, EPSS 0.00328
Exploits: 0, References: 1

CNVD
added 2026/02/11 12:0 a.m., 3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14675)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

CVSS 6.5, AI score 6.1, EPSS 0.00242
Exploits: 0, References: 1

Positive Technologies
added 2026/02/11 12:0 a.m., 6 views

PT-2026-7557

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVSS 4.8, AI score 5.7, EPSS 0.00655
Exploits: 0, References: 2

CNVD
added 2026/02/11 12:0 a.m., 3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14678)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which arises from improper neutralization of speci...

CVSS 5.3, AI score 6.8, EPSS 0.003
Exploits: 0, References: 1

CNVD
added 2026/02/11 12:0 a.m., 2 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14673)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from improper neutralization of...

CVSS 6.5, AI score 6.9, EPSS 0.00328
Exploits: 0, References: 1