7.6
CVE-2025-66614 - Apache Tomcat: Client certificate verification bypass due to virtual host mapping
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL…
0.0
CVE-2026-27123 -
Reason: This candidate was issued in error.
7.4
CVE-2026-2630 - [R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6…
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.
7.1
CVE-2025-36247 - IBM Db2 XML External Entity Reference
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume me…
5.3
CVE-2025-36425 - IBM Db2 Information Disclosure
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
6.5
CVE-2025-13867 - IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
6.5
CVE-2025-14689 - IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.
6.3
CVE-2026-2618 - Beetel 777VR1 SSH Service risky encryption
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitabil…
8.5
CVE-2026-23648 - Glory RBG-100 Recycler System Local Privilege Escalation via Insecure File Permissions
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these…
9.3
CVE-2026-23647 - Glory RBG-100 Recycler System Hard-coded OS Credentials
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded pa…