CVE-2025-14689 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVE-2025-14689 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

Arbitrary PDF Object Injection

jsPDF is vulnerable to arbitrary PDF object injection. The vulnerability is due to insufficient sanitization of user-controlled Acroform properties and methods, which allows an attacker to inject malicious PDF objects such as JavaScript actions that execute when the document is opened...

CVE-2026-23194

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CVE-2025-70957

A Denial of Service DoS vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object an internal TVM type that is normally...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of FDA objects with a length of zero, potentially leading to out-of-bound writes...

TON 安全漏洞

TON is a blockchain software developed under open source. Versions of TON prior to v2024.09 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of external parameters, which could allow attackers to exploit the system through specially crafted Continuation...

CVE-2026-0910

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2026-0490

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

PT-2026-7579

Name of the Vulnerable Software and Affected Versions wpForo Forum plugin for WordPress versions prior to 2.4.14 Description The wpForo Forum plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the wpforo display array data function. This...

📄 glibc 2.38 Buffer Overflow

This is a local privilege escalation exploit for CVE-2023-4911, also known as "Looney Tunables", caused by a buffer overflow in the glibc dynamic loader's environment variable parsing logic. The vulnerability is triggered by crafting a maliciously long GLIBCTUNABLES string which corrupts internal...

glibc 2.38 - Buffer Overflow

Exploit Title: glibc 2.38 - Buffer Overflow Google Dork: N/A Date: 2025-10-08 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.gnu.org/software/libc/ Software Link: https://ftp.gnu.org/gnu/libc/glibc-2.35.tar.gz Version: glibc 2.35 specifically 2.35-0ubuntu3.3 on Ubuntu 22.04.3...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

CVE-2026-0508

The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled...

CVE-2026-24325

SAP BusinessObjects Enterprise contains a Stored XSS flaw due to insufficient encoding of user-controlled inputs. An admin user could inject JavaScript that executes when visiting the affected page. The issue has a CVSS v3.1 base score of 4.8 (Medium) with Network access, Low confidentiality and ...

CVE-2026-24324 Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...