Vuldb Updates

A vulnerability marked as problematic has been reported in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.3. This affects an unknown part of the component Data Query Logic. This manipulation causes improper neutralization of special elements in data query logic. This vulnerability appears as CVE-2025-36353. The attack requires local access. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server up to 12.1.3. Impacted is an unknown function of the component Data Query Logic. Executing a manipulation can lead to improper validation of specified quantity in input. This vulnerability is handled as CVE-2025-36423. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in IBM DB2 up to 12.1.3 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to unquoted search path. This vulnerability is tracked as CVE-2025-36384. The attack is restricted to local execution. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in ixray-team ixray-1.6-stcop up to 1.2. This issue affects some unknown processing. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2026-24870. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path traversal. This vulnerability is cataloged as CVE-2026-0571. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

A vulnerability, which was classified as problematic, was found in Ubiquiti UCRM Argentina AFIP invoices Plugin up to 1.2.0. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-59467. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as critical has been detected in getarcaneapp arcane up to 1.12.x. This vulnerability affects unknown code of the component Updater Service. The manipulation leads to os command injection. This vulnerability is traded as CVE-2026-23520. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. The identification of this vulnerability is CVE-2026-1195. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure. This vulnerability is referenced as CVE-2026-1196. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2026-1443. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in EZCast Pro II 1.17478.146. Affected by this issue is some unknown functionality. Performing a manipulation results in hard-coded credentials. This vulnerability is identified as CVE-2026-24346. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability classified as problematic has been found in EZCast Pro II 1.17478.146. Impacted is an unknown function of the file /tmp. This manipulation causes improper input validation. This vulnerability is registered as CVE-2026-24347. The attack requires access to the local network. No exploit is available.

A vulnerability, which was classified as problematic, has been found in EZCast Pro II 1.17478.146. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2026-24345. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in libexpat up to 2.7.3 and classified as problematic. Affected is the function XML_ExternalEntityParserCreate. The manipulation results in null pointer dereference. This vulnerability was named CVE-2026-24515. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. This vulnerability was named CVE-2026-1194. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in HAX CMS up to 24.x. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-22704. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in sigstore cosign up to 2.6.1/3.0.3. Affected by this issue is some unknown functionality. Such manipulation leads to insufficient verification of data authenticity. This vulnerability is listed as CVE-2026-22703. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in vega up to 6.1.0. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-66648. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Metro Development Server up to 19.x. This impacts an unknown function of the component Endpoint. Performing a manipulation results in os command injection. This vulnerability was named CVE-2025-11953. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Quenary tugtainer up to 1.16.0. Impacted is an unknown function. The manipulation results in use of get request method with sensitive query strings. This vulnerability is cataloged as CVE-2026-23846. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.