96 matches found

ATTACKERKB
added 2026/05/27 5:34 p.m. | 7 views

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (`dalfox server`), the server binds to `0.0.0.0:6664` by default and requires no API key unless the operator explicitly passes `--api-key`. Because `model.Options`...

CVSS 10 | AI score 6 | EPSS 0.00061
Exploits 0 | References 3 | Affected Software 1

Wolfi
added 2026/05/20 7:48 p.m. | 8 views

CVE-2026-6664 vulnerabilities

Vulnerabilities for packages: pgbouncer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00049
Exploits 1

CBLMariner
added 2026/05/14 11:27 p.m. | 8 views

CVE-2026-6664 affecting package pgbouncer for versions less than 1.25.2-1

CVE-2026-6664 affecting package pgbouncer for versions less than 1.25.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00049
Exploits 1

GithubExploit
added 2026/05/12 4:39 p.m. | 70 views

Exploit for CVE-2026-6664

PgBouncer Crash PoC. This repository contains a local proof of...

CVSS 7.5 | AI score 6 | EPSS 0.00049
Exploits 1

Github Security Blog
added 2026/05/12 3:7 p.m. | 6 views

Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode. Summary: When dalfox is started in REST API server mode (`dalfox server`), the server binds to `0.0.0.0:6664` by default and requires no API key unless the operator explicitly passes `--api-key`. Because `model.Options` —...

CVSS 10 | AI score 6.4 | EPSS 0.00061
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 7 views

PT-2026-40424

Name of the Vulnerable Software and Affected Versions: dalfox versions prior to 2.12.0. Description: When running in REST API server mode (`dalfox server`), the software binds to `0.0.0.0:6664` by default without requiring authentication. An unauthenticated attacker can send a request to the '/scan'...

CVSS 10 | AI score 6.6 | EPSS 0.00061
Exploits 0 | References 7

Positive Technologies
added 2026/05/12 12:0 a.m. | 5 views

PT-2026-40425

Name of the Vulnerable Software and Affected Versions: dalfox, affected versions not specified. Description: A structural ordering error in the `ParameterAnalysis` function within `pkg/scanning/parameterAnalysis.go` allows an unauthenticated remote attacker to crash the dalfox server process. The issue...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits 0 | References 7

Circl
added 2026/05/09 6:44 p.m. | 4 views

CVE-2026-6664

creationtimestamp | type | source
---|---|---
2026-05-09 18:44:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlgvniz4zf2t
2026-05-12 19:00:12+00:00 | seen | Telegram/uli2GhURI2CJbk1kAeqzAiHzDld1f3ZduT020MgDdyP-5f4
2026-05-12 21:00:04+00:00 | seen | ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00049
Exploits 1 | References 5

Tenable Nessus
added 2026/05/09 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-6664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote...

CVSS 7.5 | AI score 6 | EPSS 0.00049
Exploits 1 | References 3

OSV
added 2025/11/20 3:12 p.m. | 1 views

MINI-V3Q5-6664-RR6P

Bulletin has no description...

CVSS 4.3 | AI score 6.9 | EPSS 0.00013
Exploits 0

Circl
added 2025/06/25 9:45 p.m. | 2 views

CVE-2025-6664

creationtimestamp | type | source
---|---|---
2025-06-25 21:45:09+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/19526
...

CVSS 5.3 | AI score 4.8 | EPSS 0.00171
Exploits 1 | References 1

NVD
added 2025/06/25 9:15 p.m. | 3 views

CVE-2025-6664

A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVSS 5.3 | EPSS 0.00171
Exploits 1 | References 6

Cvelist
added 2025/06/25 8:31 p.m. | 9 views

CVE-2025-6664 CodeAstro Patient Record Management System cross-site request forgery

A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVSS 5.3 | EPSS 0.00171
Exploits 1 | References 6

Vulnrichment
added 2025/06/25 8:31 p.m. | 5 views

CVE-2025-6664 CodeAstro Patient Record Management System cross-site request forgery

A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

CVSS 5.3 | AI score 7 | EPSS 0.00171
Exploits 1 | References 6

RedhatCVE
added 2025/05/22 8:46 a.m. | 5 views

CVE-2019-6664

On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, network protections on the management port do not follow current best practices...

CVSS 7.5 | AI score 6.9 | EPSS 0.00584
Exploits 0 | References 1

Tenable Nessus
added 2025/04/15 12:0 a.m. | 15 views

RHEL 6 / 7 : rh-mysql56-mysql (RHSA-2016:2749)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:2749 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The...

CVSS 10 | AI score 8.2 | EPSS 0.89577
Exploits 21 | References 21

Tenable Nessus
added 2025/03/04 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-5617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candidate is a reservation duplicate of CVE-2016-6664. Notes: All CVE...

CVSS 7 | AI score 7.1 | EPSS 0.62118
Exploits 11 | References 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-6664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1,...

CVSS 7 | AI score 6.8 | EPSS 0.62118
Exploits 10 | References 2

Tenable Nessus
added 2024/11/05 12:0 a.m. | 12 views

RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2018:0279)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0279 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...

CVSS 7.7 | AI score 7.3 | EPSS 0.62118
Exploits 11 | References 64

NVD
added 2024/06/21 10:15 p.m. | 15 views

CVE-2012-6664

Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands...

CVSS 9.1 | EPSS 0.73472
Exploits 2 | References 2