Security Vulnerabilities
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.
CVSS Score
6.8
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30