Lucene search
+L

900 matches found

UbuntuCve
UbuntuCve
added 2026/02/12 2:16 p.m.6 views

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS6.2AI score0.01079EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/12 1:57 p.m.4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation of multibyte character length in text manipulation. An attacker can execute arbitrary code as the operating system user running the database by issuing specially crafted queries...

8.8CVSS6.3AI score0.01079EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/12 1:55 p.m.4 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the intarray extension selectivity estimator function. An attacker can execute arbitrary code as the operating system user running the database by providing specially crafted input...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 1:0 p.m.7 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References2
CVE
CVE
added 2026/02/12 1:0 p.m.198 views

CVE-2026-2005

CVE-2026-2005 is a heap buffer overflow in PostgreSQL pgcrypto that allows a ciphertext provider to execute code as the DB OS user. Affected: PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, 14.21. Connected advisories confirm this CVE alongside related issues (CVE-2026-2003, -2004, -2006) be...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References34Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.01208EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2026/02/12 1:0 p.m.8 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References2
CVE
CVE
added 2026/02/12 1:0 p.m.59 views

CVE-2026-2004

CVE-2026-2004 affects PostgreSQL with the intarray extension: the selectivity estimator’s input type validation is missing, enabling arbitrary code execution as the database OS user. Affected versions are before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. The document provides the exploitatio...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References34Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.1AI score0.00785EPSS
Exploits0
PostrgeSql
PostrgeSql
added 2026/02/12 12:0 a.m.48 views

Vulnerability in core server (CVE-2026-2006)

PostgreSQL missing validation of multibyte character length executes arbitrary code Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the...

8.8CVSS6.4AI score0.01079EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the...

8.8CVSS6.3AI score0.00785EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.8 views

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10CVSS7.4AI score0.00387EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 8:3 p.m.15 views

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

7.2CVSS7.3AI score0.00477EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.7 views

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

4.8CVSS6.5AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:24 p.m.7 views

CVE-2018-14993

The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of...

7.8CVSS7.1AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.4 views

CVE-2022-37199

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/user/list...

9.8CVSS8.1AI score0.00777EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.10 views

CVE-2019-18670

In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...

7.8CVSS7.1AI score0.00793EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.9 views

CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM...

7.8CVSS7AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.16 views

CVE-2019-16752

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP...

4.3CVSS6.8AI score0.00407EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-7844

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A lack of input type validation within the selectivity...

9CVSS6AI score0.00785EPSS
Exploits0References200
Rows per page
Query Builder