Lucene search

4564 matches found

ATTACKERKB
added 2026/02/17 8:32 p.m. | 5 views

CVE-2025-36377

IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.5 | EPSS 0.00185
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/17 8:22 p.m. | 2 views

CVE-2023-38265

IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system...

CVSS 5.3 | AI score 5.7 | EPSS 0.00206
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:6 p.m. | 11 views

CVE-2023-38265

CVE-2023-38265 affects IBM Cloud Pak System versions 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0. The issue is improper access control that allows information disclosure through directory listing, exposing folder location details to unauthenticated attackers and potentially aiding further att...

CVSS 5.3 | AI score 5.5 | EPSS 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/02/17 7:3 p.m. | 11 views

CVE-2025-33101

CVE-2025-33101 affects IBM Concert Software 1.0.0–2.1.0. The vulnerability arises from improper clearing of heap memory, enabling an attacker to obtain sensitive information via man-in-the-middle techniques. Public sources in connected documents reiterate information disclosure as the impact and ...

CVSS 5.9 | AI score 7.3 | EPSS 0.00202
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/02/17 6:59 p.m. | 3 views

CVE-2025-33089 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials...

CVSS 6.5 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/17 6:59 p.m. | 3 views

CVE-2025-33089

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information or perform unauthorized actions due to the use of hard coded user credentials...

CVSS 6.5 | AI score 5.6 | EPSS 0.00226
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/17 6:56 p.m. | 14 views

CVE-2025-36243

IBM Concert Software versions 1.0.0–2.1.0 are vulnerable to server-side request forgery (SSRF). An authenticated attacker could cause unauthorized requests to be made from the system, enabling network enumeration or related attacks. Red Hat and NVD entries concur with the IBM advisory. The public...

CVSS 5.4 | AI score 7.4 | EPSS 0.00138
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/02/17 5:12 p.m. | 4 views

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVSS 6.5 | AI score 5.5 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/17 1:18 p.m. | 25 views

CVE-2026-25087 Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

EPSS 0.00807
Exploits: 0 | References: 2

Cvelist
added 2026/02/17 9:54 a.m. | 31 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

CVSS 8.7 | EPSS 0.0075
Exploits: 0 | References: 1

CNNVD
added 2026/02/17 12:0 a.m. | 5 views

Pega Platform Security Vulnerability

Pega Platform is an enterprise management platform developed by Pega, Inc. Versions 8.1.0 to 25.1.1 of Pega Platform contain security vulnerabilities. These vulnerabilities stem from the susceptibility of the user interface components to stored XSS attacks, which may affect confidentiality and...

CVSS 4.8 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 1

Positive Technologies
added 2026/02/17 12:0 a.m. | 3 views

PT-2026-20269

Name of the Vulnerable Software and Affected Versions: Liderahenk versions 3.0.0 through 3.3.1. Description: A missing authentication check for a critical function in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows for Remote Code Inclusion. The issue impacts the software’s...

CVSS 6.1 | AI score 6.1 | EPSS 0.00248
Exploits: 0 | References: 3

vulnersOsv
added 2026/02/16 8:8 a.m. | 3 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +145 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-services (>=1.9.0.CR1 <=26.5.3)

org.keycloak:keycloak-services MAVEN version =1.9.0.CR1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source cves: CVE-2026-2575. Source advisory: SNYK:JAVA-ORGKEYCLOAK-15304465 https://vulners.com/snyk/SNYK:JAVA-ORG...

CVSS 5.3 | AI score 5.4 | EPSS 0.00502
Exploits: 0

vulnersOsv
added 2026/02/16 8:8 a.m. | 3 views

com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +65 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-core (>=1.9.0.CR1 <=26.5.3)

org.keycloak:keycloak-saml-core MAVEN version =1.9.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.5.3 and more. Source cves: CVE-2026-2575 https://vulners.com/cve/CVE-20...

CVSS 5.3 | AI score 5.8 | EPSS 0.00502
Exploits: 0

Positive Technologies
added 2026/02/16 12:0 a.m. | 5 views

PT-2026-8315

Name of the Vulnerable Software and Affected Versions: Flos Freeware Notepad2 versions 4.2.22 through 4.2.25. Description: A security flaw exists in Flos Freeware Notepad2. The issue involves an uncontrolled search path within an unknown function in the Msimg32.dll library. Local access is required...

CVSS 7.3 | AI score 6.9 | EPSS 0.00157
Exploits: 0 | References: 11

VulnCheck KEV
added 2026/02/15 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2023-27032

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups...

CVSS 9.8 | AI score 5.8 | EPSS 0.0304
In wild | Exploits: 0 | References: 2

Vulnrichment
added 2026/02/13 12:0 a.m. | 3 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/13 12:0 a.m. | 1 views

n8n Node.js Package >= 0.187.0 < 1.120.3 Command Injection (CVE-2026-21893)

The version of the n8n Node.js Package installed on the remote host is >= 0.187.0 and prior to 1.120.3. It is, therefore, affected by a command injection vulnerability: - A command injection vulnerability was identified in n8n's community package installation functionality. The issue allows...

CVSS 9.4 | AI score 6.5 | EPSS 0.01343
Exploits: 0 | References: 2

OSV
added 2026/02/12 6:16 a.m. | 1 views

UBUNTU-CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...

CVSS 7.5 | AI score 5.8 | EPSS 0.00503
Exploits: 0 | References: 6

CNNVD
added 2026/02/12 12:0 a.m. | 3 views

Dell Update Package Framework Security Vulnerability

Dell Update Package Framework is a framework developed by the American company Dell for updating system components. This product primarily provides installation programs for drivers, applications, BIOS, and firmware. Versions of the Dell Update Package Framework from 23.12.00 to 24.12.00 containe...

CVSS 8.2 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 1