CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
IBM WebSphere Extreme Scale versions 8.6.1.0 through 8.6.1.6 contain a denial-of-service vulnerability due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds checking, which may lead to a StackOverflowError or OutOfMemoryError.
IBM App Connect Enterprise versions 13.0.1.0 through 13.0.7.2 and 12.0.1.0 through 12.0.12.26, as well as IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.7, are vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of.
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 contains approximately 50 generated CORBA stub classes in ogclient.jar that call ORB.string_to_object() on an attacker-controlled IOR string during Java deserialization. This turns any unfiltered ObjectInputStream sink in WAS into outbound IIOP SSRF to an attacker-chosen host.
IBM UrbanCode Deploy and IBM DevOps Deploy store potentially sensitive information in log files that could be read by a local user. The vulnerability affects versions 7.2 through 7.2.3.23, 7.3 through 7.3.2.18, and 8.0 through 8.0.1.13, 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0.
IBM UrbanCode Deploy and IBM DevOps Deploy in vulnerable versions may disclose sensitive configurations and secrets to authenticated users in API responses, which could be used in further attacks against the system.
IBM DevOps Deploy (UCD) versions 8.1 through 8.1.2.6 and 8.2 through 8.2.1.0 improperly configure CORS, allowing an attacker to perform privileged actions and retrieve sensitive information because the domain is not restricted to trusted domains.
IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 for Linux, UNIX, and Windows (including Db2 Connect Server) contain a denial-of-service vulnerability. An authenticated user can exploit improper neutralization of special elements in the data query logic for XMLTable-derived columns, causing a denial of service.
IBM WebSphere Application Server 9.0 and 8.5 contain a vulnerability that could allow a remote attacker to obtain sensitive information from the integrated help system of the administrative console.
A vulnerability in IBM Db2 allows an authenticated user to read sensitive information from monitoring and event tables. It affects versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 on Linux, UNIX, and Windows.
The Zephyr Bluetooth controller ISO Adaptation Layer fails to validate the length of a framed ISO PDU start segment, leading to an integer underflow and out-of-bounds read. An attacker can trigger information disclosure or denial of service over the air.
A vulnerability in CVAT before version 2.69.0 in the QualityReportViewSet.get_queryset allows authenticated attackers to enumerate quality report identifiers belonging to other organizations. The missing check_object_permissions call on the parent_id parameter in the quality reports API endpoint enables distinguishing existing and non-existing reports via HTTP 500 vs 404 responses.
Woodpecker before version 3.15.0 exposes the /api/orgs/lookup/*org_full_name endpoint without authentication middleware, and the handler triggers a NULL pointer dereference for unauthenticated requests. Each request causes a panic that is recovered by gin middleware but writes a multi-line stack trace to the error log.
In RuoYi-Vue-Plus up to version 5.6.2 (fixed in commit 88d03d9), workflow task management endpoints in FlwTaskController lack any permission checks. Any authenticated user, regardless of role, can reassign tasks, urge tasks, and list all pending and finished tasks.
A vulnerability in Hermes WebUI before version 0.51.521 allows bypassing profile isolation. When importing a session, the workspace of the active named profile is validated, but the Session object is created without setting its profile, resulting in the session being persisted with a null profile. A null profile is treated as the default profile, enabling a user on the default profile to export the session transcript and read files from the named profile's workspace.
A path traversal vulnerability in Vibe-Trading before version 0.1.10 allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences. Attackers can manipulate the memory_type parameter in the persistent memory store to write arbitrary Markdown files to unintended filesystem locations.
A vulnerability in Vibe-Trading before version 0.1.10 allows reading and overwriting run.json files outside the runs directory. An attacker can exploit a crafted run identifier supplied via MCP swarm tools, leading to data confidentiality and integrity breaches.
A vulnerability in Nightingale (n9e) before version 9.0.0-beta.2 allows any authenticated low-privilege user (Standard role) to read full datasource configurations, including database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys. This occurs via the POST /api/n9e/datasource/list endpoint, which lacks admin authorization, and the DatasourceFilter does not redact secret fields.
A race condition vulnerability exists in the asynchronous SNTP client of Zephyr OS. When the client closes the UDP socket without synchronizing with the socket service thread, a use-after-free of the net_context structure can occur, leading to crashes or potential memory corruption.
A vulnerability in the Zephyr net_buf library involves non-atomic operations on buffer reference counts. Under concurrency (SMP or single-core preemption), double-free of memory or corruption of the free buffer list may occur.
A vulnerability in Zephyr's DNS resolver (subsys/net/lib/dns) allows an out-of-bounds read due to insufficient validation of the rdlength field in DNS responses. The dns_unpack_answer() function accepts any declared rdlength, enabling an attacker to craft a truncated TXT or SRV response that reads beyond the receive buffer. This leads to information disclosure (residual packet data or uninitialized memory) and potentially a denial of service.

