CVE-2026-3623 Vulnerabilities exists in IBM Netezza Performance Server Replication Services

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successf...

IBM Operations Analytics-Log Analysis 安全漏洞

IBM Operations Analytics-Log Analysis is a semi-structured data analysis solution provided by the American multinational company International Business Machines IBM. This product is primarily used for application log analysis and problem diagnosis. There is a security vulnerability in IBM...

PT-2026-43979

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when a specially crafted query is executed using range partitioned tables. Recommendations At the moment, there is no...

Mapserver 代码问题漏洞

Mapserver is a set of open-source platforms developed by the Open Geospatial Foundation, designed for publishing spatial data and interactive map applications to the Web. Versions of MapServer from 6.4.0 to 8.6.3 had code vulnerabilities. These vulnerabilities stemmed from improper handling of...

IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 代码问题漏洞

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...

PT-2026-43904

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A flaw exists in the IPv4 ICMP implementation where the system fails to validate the reply type before accessing the icmp...

IBM Langflow 路径遍历漏洞

IBM Langflow is a visual process orchestration tool developed by IBM Corporation. Versions 1.0.0 to 1.9.1 of IBM Langflow contain a path traversal vulnerability. This vulnerability arises from improper validation of symbolic links during archive extraction, which may lead to remote code execution...

auth0.js 安全漏洞

auth0.js is a client JavaScript toolkit developed by Auth0, open source, for the Auth0 API Application Programming Interface. Versions of auth0.js from 8.11.0 to 9.32.0 contain security vulnerabilities. These vulnerabilities arise because, under certain conditions, the Auth0.js SDK may incorrectl...

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities arise from the use of range partition tables when special queries are executed, and could lead to denial-of-servic...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hlcdappend function in the gb-beagleplay driver. When this function calls usleeprange while...

IBM App Connect Enterprise 安全漏洞

IBM App Connect Enterprise is an operating system developed by IBM Corporation. IBM App Connect Enterprise combines existing, industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies, providing a platform that meets the comprehensive...

IBM WebSphere Application Server Liberty 安全漏洞

IBM WebSphere Application Server Liberty is a Java application server developed by IBM, based on the Open Liberty project. Versions 22.0.0.11 to 26.0.0.5 of IBM WebSphere Application Server Liberty contain security vulnerabilities. These vulnerabilities are due to issues related to specific time...

Kysely 安全漏洞

Kysely is a type-safe TypeScript SQL query builder developed by Kysely contributors. Versions of Kysely from 0.26.0 to 0.28.16 contain security vulnerabilities. These vulnerabilities stem from the lack of escaping of JSON path metacharacters in the DefaultQueryCompiler.visitJSONPathLeg function. ...

UBUNTU-CVE-2026-44983

smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...

CVE-2026-48593

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

DEBIAN-CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

CVE-2026-48592

Missing Authorization vulnerability in oban-bg obanweb 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handleevent"save-job", ... handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVE-2026-48592

CVE-2026-48592 - Normal (concrete details available) Affected software: oban_web (Elixir Oban) prior to version 2.12.5. The vulnerability occurs in the LiveView component Elixir.Oban.Web.Jobs.DetailComponent during handling of the save-job event. The handle_event("save-job", ...) path does not pe...

CVE-2026-48593 Unbounded range expansion in cron describe causes memory exhaustion in oban_web

Uncontrolled Resource Consumption vulnerability in oban-bg obanweb 'Elixir.Oban.Web.CronExpr' modules allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a malicious cron expression such as "0 0 1-100000000 ". When a user with...

CVE-2026-48593

CVE-2026-48593 describes an uncontrolled resource consumption in oban_web’s cron rendering. The issue arises in the Elixir CronExpr describe/1 rendering path where unbounded cron ranges (e.g., 1-100000000) are parsed by parse_range/1 without bounds checks, then expand_dom_parts/1 and expand_dow_p...