CVE-2025-33130

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...

USN-8051-1: libssh vulnerabilities

It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly use this issue to cause libssh clients to crash, resulting in a denial of service. CVE-2025-8277 It was discovered that the libssh SCP client incorrectly sanitized paths received...

PT-2026-20535

Name of the Vulnerable Software and Affected Versions Aida64 Engineer version 6.10.5200 Description Aida64 Engineer version 6.10.5200 contains a buffer overflow in the CSV logging configuration. This allows attackers to execute malicious code by creating a specially designed payload. Exploitation...

MajorDoMo 安全漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the saverestore module, which exposes its admin method through the /objects/?module=saverestore endpoint without...

PT-2026-20379

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s curation draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies current user...

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the plugin installation. An attacker can overwrite files outside the intended directory by submitting a malicious plugin manifest with crafted directory names...

CVE-2025-33130 Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...

CVE-2025-33130

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...

USN-8028-5 linux-aws, linux-aws-6.8, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

USN-8028-4: Linux kernel (FIPS) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

CVE-2026-0998

Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate user identity and post ownership in the /api/v1/askPMI endpoint which allows unauthorized users to start Zoom meetings as any user and overwrite arbitrary posts via...

Advisory ROSA-SA-2026-3142

Software: cups 2.2.6 OS: ROSA Virtualization 3.1 unaffected versions = cups-2.2.6-66.rv31 affected versions cups-2.2.6-66.rv31 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...

Advisory ROSA-SA-2026-3137

Software: cups 2.2.6 OS: ROSA Virtualization 3.0 unaffected versions = cups-2.2.6-66.rv30 affected versions cups-2.2.6-66.rv30 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer dereferencing du...

Advisory ROSA-SA-2026-3132

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 unaffected versions = cups-2.2.6-66.0.1.rv3 affected versions cups-2.2.6-66.0.1.rv3 CVE-ID: CVE-2025-58364 BDU-ID: 2025-12439 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server libcups library is related to null pointer...

PT-2026-8329

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.1.x through 11.1.2 Mattermost versions 10.11.x through 10.11.9 Mattermost versions 11.2.x through 11.2.1 Mattermost Plugin Zoom versions through 1.11.0 Description The software does not properly validate user identity an...

SUSE CVE-2026-26157

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

CVE-2025-29951

A buffer overflow in the AMD Secure Processor ASP bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution...

Authorization Bypass

fuxa-server is vulnerable to an Authorization Bypass. The vulnerability is due to improper enforcement of role-based access controls on WebSocket endpoints, where the server fails to validate authentication and authorization for device tag modification requests, allowing unauthenticated remote...

UBUNTU-CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...