78 matches found
CVE-2026-1718
IBM Db2 is vulnerable to a denial of service when autonomous transactions are enabled, affecting Db2 Server releases 11.5.0–11.5.9 and 12.1.0–12.1.4. The root cause is CWE-770 (Allocation of Resources Without Limits or Throttling). A specially crafted query can trigger the issue. Remediation invo...
CVE-2026-4917
IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...
CVE-2026-4919 IBM Guardium Data Protection is affected by multiple vulnerabilities
IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2026-27115
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecos pw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gai...
Copeland XWEB PRO 操作系统命令注入漏洞
Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...
PT-2026-21358
Name of the Vulnerable Software and Affected Versions Swiper versions 6.5.1 through 12.1.1 Description Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. A prototype pollution issue exists in the shared/utils.mjs file, specifically at line 94, wher...
CVE-2025-13108
CVE-2025-13108 affects IBM Db2 Merge Backup for Linux, UNIX and Windows, version 12.1.0.0. The root cause is a buffer not properly cleared, which could allow an attacker to access sensitive information stored in memory. The vulnerability is documented across multiple sources (IBM, Red Hat, NVD, e...
IBM DB2 Merge Backup 安全漏洞
IBM DB2 Merge Backup is a database-assisted backup tool developed by IBM. Version 12.1.0.0 of IBM DB2 Merge Backup contains a security vulnerability. This vulnerability stems from buffer overflows allocated at the stack level, which could allow authenticated users to cause the program to crash...
SUSE CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
SUSE-SU-2026:20170-1 Security update for cockpit-subscriptions
This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...
CVE-2018-4387
A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1...
CVE-2025-67291
A stored cross-site scripting XSS vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...
PT-2025-52684
Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1 Description A stored cross-site scripting XSS issue exists in the Page Settings module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Excerpt field...
PT-2025-52685
Name of the Vulnerable Software and Affected Versions Piranha CMS version 12.1 Description A stored cross-site scripting XSS issue exists in the Media module. An attacker can inject a crafted payload into the Name field to execute arbitrary web scripts or HTML. Recommendations At the moment, ther...
CVE-2025-67591
Cross-Site Request Forgery CSRF vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through 12.0.1...
CVE-2025-67591 WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through 12.0.1...
WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JNews Paywall versions 12.0.1...
CVE-2025-40107 affecting package kernel for versions less than 6.6.112.1-2
CVE-2025-40107 affecting package kernel for versions less than 6.6.112.1-2. An upgraded version of the package is available that resolves this issue...
PT-2025-43535
Name of the Vulnerable Software and Affected Versions Piranha CMS versions 12.0 and 12.1 Description A stored cross-site scripting XSS issue exists in the /manager/pages component of Piranha CMS. This allows attackers to execute arbitrary web scripts or HTML by creating a page and injecting a...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium...