
765108 matches found

IBM Security Bulletins
added 10 minutes ago | 0 views

Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. CWE:CWE-94: Improper Control of...

AI score: 6.5
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 13 minutes ago | 0 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by authenticated user (CVE-2026-11906)

Summary IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by an authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...

AI score: 5.9
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 15 minutes ago | 1 view

Security Bulletin: IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82.

Summary IBM® Db2® is affected by vulnerabilities in bcprov-jdk18on-1.82 and bcpkix-jdk18on-1.82. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00512
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 18 minutes ago | 0 views

Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in log4j v2.25.3.

Summary IBM® Db2® federated server is affected by multiple vulnerabilities in log4j v2.25.3. Vulnerability Details CVEID:CVE-2026-34480 DESCRIPTION: Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout), in versions up to and including 2.25.3, fails to...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.0086
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 19 minutes ago | 0 views

Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.

Summary IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote us...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00604
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 23 minutes ago | 0 views

Security Bulletin: IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables (CVE-2025-36372)

Summary IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables. CVE-2025-36372 Vulnerability Details CVEID:CVE-2025-36372 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an...

AI score: 5.8
Exploits: 0 | Affected Software: 1

Metasploit
added 1 hour ago | 3 views

Audiobookshelf Unauthenticated API Authentication Bypass Scanner

This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...

CVSS: 8.2 | AI score: 5.9 | EPSS: 0.00685
Exploits: 2

IBM Security Bulletins
added 1 hour ago | 0 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability (CVE-2026-12085)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. CVE-2026-12085. Vulnerability Details CVEID:CVE-2026-12085 DESCRIPTION: IBM DevOps Deploy coul...

AI score: 5.7
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 1 hour ago | 0 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-12086)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD installer potentially logs sensitive information in a way that could be read by a local user. CVE-2026-12086. Vulnerability Details CVEID:CVE-2026-12086 DESCRIPTION: IBM DevOps Deploy stores potentially sensitive information in log files that...

AI score: 5.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 1 hour ago | 0 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains (CVE-2026-12084)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. CVE-2026-12084. Vulnerability Details...

AI score: 5.9
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 1 hour ago | 0 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Exposure of Sensitive Information Vulnerability (CVE-2026-10569)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to an Exposure of Sensitive Information Vulnerability in plugin output logs. This exposure could allow an attacker with access to the logs to potentially obtain sensitive values related to that step. CVE-2026-10569. Vulnerability...

AI score: 5.9
Exploits: 0 | Affected Software: 1

RedHat Linux
added 1 hour ago | 1 view

Low: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.02298
Exploits: 1 | References: 2

RedHat Linux
added 1 hour ago | 2 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0075
Exploits: 0 | References: 3

RedHat Linux
added 1 hour ago | 2 views

Important: Red Hat Security Advisory: Satellite 6.18.6 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 8.9 | AI score: 6.8 | EPSS: 0.0037
Exploits: 1 | References: 9

GithubExploit
added 1 hour ago | 9 views

darknet-mcp-server

English | 简体中文 | 繁體中文 | 한국어 | Deutsch | Español | Fr...

AI score: 5.8
Exploits: 0

GithubExploit
added 1 hour ago | 10 views

vulnerability-assessment-metasploitable2

Vulnerability Assessment — Metasploitable 2 An end-to-end vuln...

CVSS: 10 | AI score: 5.9 | EPSS: 0.96184
Exploits: 29

Vulnrichment
added 1 hour ago | 5 views

CVE-2026-55249 @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

CVSS: 6.3 | AI score: 6.2
Exploits: 0 | References: 1

CVE
added 1 hour ago | 10 views

CVE-2026-55249 @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

CVSS: 6.3 | AI score: 6.2
Exploits: 0 | References: 1

Cvelist
added 1 hour ago | 7 views

CVE-2026-55249 @rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

CVSS: 6.3
Exploits: 0 | References: 1

EUVD
added 1 hour ago | 0 views

EUVD-2026-38571

@rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rewrite OpenClaw plugin passes attacker-controlled input directly into a shell-backed execSync template string without shell-safe escaping. JSON.stringif...

CVSS: 6.3
Exploits: 0 | References: 1