Lucene search
K

10150 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:43 p.m.10 views

Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...

8.7CVSS6.6AI score0.00519EPSS
Exploits1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/15 12:0 a.m.9 views

Security update for ffmpeg-4 (moderate)

openSUSE security update: security update for ffmpeg-4 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20726-1 Rating: moderate References: bsc1262237 Cross-References: CVE-2026-40962 CVSS scores: CVE-2026-40962 SUSE : 4.9...

4.9CVSS5.9AI score0.00134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 7:1 p.m.9 views

CVE-2026-43908 OpenImageIO: Signed integer overflow in ConvertCbYCrYToRGB leads to heap out-of-bounds write in DPX 4:2:2 decoder

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

TencentOS Server 4: LibRaw (TSSA-2026:0233)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0233 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.8CVSS6.2AI score0.00645EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Amazon Linux 2 : python-lxml, --advisory ALAS2-2026-3297 (ALAS-2026-3297)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3297 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.9 views

TencentOS Server 4: ruby (TSSA-2026:0297)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0297 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.1CVSS6.1AI score0.01131EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/13 9:27 p.m.12 views

[SECURITY] Fedora 42 Update: nano-8.3-4.fc42

GNU nano is a small and friendly text editor...

5.5CVSS5.8AI score0.00108EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.16 views

SUSE CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9CVSS6.1AI score0.00455EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7814

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00163EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.15 views

SUSE CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.16 views

SUSE CVE-2026-7816

OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...

8.8CVSS6.1AI score0.01444EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.13 views

SUSE CVE-2026-7818

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.3CVSS6.5AI score0.00131EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.21 views

SUSE CVE-2026-7820

Improper restriction of excessive authentication attempts CWE-307 in pgAdmin 4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References3
OSV
OSV
added 2026/05/13 12:0 a.m.6 views

OPENSUSE-SU-2026:10767-1 ffmpeg-4-4.4.6-12.1 on GA media

These are all security issues fixed in the ffmpeg-4-4.4.6-12.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS5.8AI score0.00134EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-P58C-Q354-6C4F pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 6:31 p.m.6 views

GHSA-HR4R-FWPV-C95J pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2026-29082

Stored cross-site scripting XSS vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names database, schema, table, column, etc. were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute...

4.8CVSS5.7AI score0.00163EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.10 views

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder