120739 matches found
EUVD-2026-10342
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2025-70038
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...
CVE-2025-70038
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code...
kernel: Linux kernel use-after-free in eventpoll
A flaw was found in the Linux kernel's eventpoll epoll mechanism. A local attacker could exploit a use-after-free vulnerability due to incorrect handling of the 'ep' refcount while the 'ep' mutex is still held. This can lead to memory corruption, potentially allowing the attacker to achieve...
kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution
A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
CVE-2026-25866
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866
MobaXterm versions prior to 26.1 are affected by an Unquoted Search Path vulnerability. The app uses WinExec to launch Notepad++ without a fully qualified executable path when opening remote files. An attacker can place a malicious executable earlier in the search order, leading to arbitrary code...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corrupti...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...
firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume th...