Lucene search
K

10160 matches found

CVE
CVE
added yesterday10 views

CVE-2026-62390

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Kylin. A backend API refreshing table catalog may cause the injection to the generated SQL. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version...

9.8CVSS6.1AI score
Exploits0References2Affected Software1
Nuclei
Nuclei
added yesterday37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday56 views

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

9.9CVSS7AI score0.09685EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

TencentOS Server 4: rust (TSSA-2026:0559)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0559 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.1CVSS6.1AI score0.00193EPSS
Exploits1References2
CVE
CVE
added last week7 views

CVE-2026-10698

CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...

7.2CVSS5.9AI score0.00442EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/06 8:16 p.m.12 views

DEBIAN-CVE-2026-41515

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.9.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the NXP CAAM crypto driver uses...

3.3CVSS6AI score0.00094EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/06 2:55 p.m.18 views

[SECURITY] Fedora 44 Update: python-rpds-py-0.29.0-4.fc44

Python bindings to the Rust rpds crate...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/07/06 9:34 a.m.7 views

EUVD-2026-41864

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS5.9AI score0.00399EPSS
Exploits0References1
Photon
Photon
added 2026/07/04 12:0 a.m.5 views

Important Photon OS Security Update - PHSA-2026-4.0-1050

Updates of 'docker' packages of Photon OS have been released...

7.5CVSS5.9AI score0.00153EPSS
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: tigervnc-1.16.2-4.fc43

Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you ...

9.1CVSS6.8AI score0.00489EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: chisel-fips, flux-source-controller-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, drone-fips, cilium, kubernetes-dashboard, istio, skaffold-fips, frankenphp-8.5, knative-kafka-broker, docker-machine-driver-harvester, coder, flux-source-controller,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

CVE-2026-54898 vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...

2.1CVSS6.1AI score0.00117EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.23 views

CVE-2026-36908

A stack overflow in the AP4Array::EnsureCapacity component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00142EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

TencentOS Server 4: kernel (TSSA-2026:0540)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0540 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS6.4AI score0.00321EPSS
Exploits11References2
RedhatCVE
RedhatCVE
added 2026/06/19 3:54 a.m.9 views

CVE-2026-12046

A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRETKEY and write access to the sessions directory,...

9.5CVSS6.6AI score0.0071EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 12:16 a.m.11 views

CVE-2026-12044

SQL injection in pgAdmin 4 across every dialog template that renders COMMENT ON ... IS '' for a user-supplied description field. The Jinja templates for Domains and their constraints, Foreign Tables, Languages, and Event Triggers, plus the Views OID-lookup query, interpolated the description...

8.8CVSS0.00489EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 11:37 p.m.38 views

CVE-2026-12049

CVE-2026-12049 affects pgAdmin 4. An open redirect vulnerability exists in the MFA flow where the next parameter is not validated against the current origin, allowing an authenticated user to be redirected to an attacker-controlled host via /mfa/validate?next=… This is a trusted-domain redirect r...

6.1CVSS5.4AI score0.00218EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.40 views

CVE-2026-12049 pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated 'next' parameter

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next= -- a link typically...

5.3CVSS0.00218EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 11:37 p.m.2 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS7.1AI score0.0021EPSS
Exploits0References5
Rows per page
Query Builder