IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability.  By sending a specially crafted request, an unauthenticated malicious actor could exploit this vulnerability to sniff an existing WebSocket connection to then remotely perform operations that the user is not allowed to perform.

CVE Database V5

Detailed information about CVE-2025-36116: CWE-1385 Missing Origin Validation in WebSockets in IBM Db2 Mirror for i affecting IBM Db2 Mirror for i. Get real-tim

CVE-2025-36116: CWE-1385 Missing Origin Validation in WebSockets in IBM Db2 Mirror for i - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-36116: CWE-1385 Missing Origin Validation in WebSockets in IBM Db2 Mirror for i

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

Detailed information about CVE-2025-29480: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-29480: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-29480: n/a

A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.

Detailed information about CVE-2025-40596: CWE-121 Stack-based Buffer Overflow in SonicWall SMA 100 Series affecting SonicWall SMA 100 Series. Get real-time upd

CVE-2025-40596: CWE-121 Stack-based Buffer Overflow in SonicWall SMA 100 Series - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-40596: CWE-121 Stack-based Buffer Overflow in SonicWall SMA 100 Series

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter.

CVE-2025-46099 is a vulnerability identified in Pluck CMS version 4.7.20-dev. This vulnerability allows an authenticated attacker to upload or create a malicious PHP file within the albums module directory. The vulnerability arises due to insufficient validation or sanitization in the albums.site.php module routing logic, which permits the attacker to access the crafted PHP file via a GET parameter. Exploiting this flaw enables arbitrary command execution on the server hosting the CMS. The attack requires the attacker to have authenticated access, which implies that the attacker must have valid user credentials or have compromised an account with upload privileges. Once exploited, the attacker can execute commands remotely, potentially leading to full system compromise, data theft, or further lateral movement within the network. No CVSS score has been assigned yet, and no public exploits are currently known in the wild. The vulnerability is significant because it leverages a common web application weakness—improper handling of file uploads and routing logic—resulting in remote code execution (RCE). This type of vulnerability is highly critical in web-facing applications, especially content management systems that are often targeted by attackers due to their widespread use and internet exposure. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for affected organizations to implement mitigations or consider alternative protective measures.

Detailed information about CVE-2025-46099: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-46099: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-46099: n/a

IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Detailed information about CVE-2025-36117: CWE-384 Session Fixation in IBM Db2 Mirror for i affecting IBM Db2 Mirror for i. Get real-time updates, technical det

CVE-2025-36117: CWE-384 Session Fixation in IBM Db2 Mirror for i

CVE-2025-36117: CWE-384 Session Fixation in IBM Db2 Mirror for i

Description

Technical Details

Related Threats

CVE-2025-36116: CWE-1385 Missing Origin Validation in WebSockets in IBM Db2 Mirror for i

CVE-2025-29480: n/a

CVE-2025-40596: CWE-121 Stack-based Buffer Overflow in SonicWall SMA 100 Series

CVE-2025-46099: n/a

CVE-2025-54090: CWE-253 Incorrect Check of Function Return Value in Apache Software Foundation Apache HTTP Server

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility