294 matches found

RedhatCVE
added 2 days ago, 5 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVSS 8.1 | AI score 6.2 | EPSS 0.00067
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/28 12:0 a.m., 7 views

IBM DB2 Multiple Vulnerabilities (7273554, 7273555, 7273556, 7273557, 7273558) (Unix)

According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user. CVE-2025-13755 - IBM Db2 is vulnerable to a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 10

CNNVD
added 2026/05/27 12:0 a.m., 15 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities arise from specially crafted queries when autonomous transactions are enabled, which may lead to denial-of-service...

CVSS 7.1 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 1

AlpineLinux
added 2026/05/20 9:20 a.m., 6 views

CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

CVSS 8.7 | AI score 5.8 | EPSS 0.0006
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in mariadb-10.3

It has been discovered that MariaDB Server v10.6 and earlier contains a use-after-free in the mystrcasecmp8bit component, which can be exploited through specially crafted SQL statements...

CVSS 7.5 | AI score 7.1 | EPSS 0.00238
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in mariadb-10.3

An issue in the Createtmptable::finalize component of MariaDB Server v10.7 and below was discovered. This issue allows attackers to cause a Denial of Service (DoS) through specially crafted SQL statements...

CVSS 7.5 | AI score 7.5 | EPSS 0.00217
Exploits: 1 | References: 2

OSV
added 2026/05/19 8:43 a.m., 5 views

BIT-FLINK-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVSS 8.1 | AI score 6.3 | EPSS 0.00067
Exploits: 0 | References: 3

CNNVD
added 2026/05/19 12:0 a.m., 6 views

Sparx Systems Sparx Pro Cloud Server Security Vulnerability

Sparx Pro Cloud Server is a modeling and service platform developed by Sparx Systems in Australia. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained security vulnerabilities. These vulnerabilities stemme...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits: 1 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in bind9

The DNS message parsing code in named includes a section whose computational complexity is excessively high. This does not cause problems for typical DNS traffic, but crafted queries and responses may lead to excessive CPU load on the affected named instance by exploiting this flaw. This issue...

CVSS 7.5 | AI score 6.7 | EPSS 0.00295
Exploits: 0 | References: 2

Redos
added 2026/04/29 12:0 a.m., 3 views

ROS-20260429-73-0021

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 4 views

ROS-20260429-73-0020

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 1 view

ROS-20260429-73-0019

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 3 views

ROS-20260429-73-0014

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 2 views

ROS-20260429-73-0017

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 2 views

ROS-20260429-73-0013

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Redos
added 2026/04/29 12:0 a.m., 3 views

ROS-20260429-73-0018

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

CVSS 8.8 | AI score 6 | EPSS 0.00039
Exploits: 0

Cvelist
added 2026/04/21 6:3 p.m., 25 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

CVSS 5.1 | EPSS 0.00173
Exploits: 0 | References: 4

Veracode
added 2026/04/15 11:5 a.m., 3 views

Sensitive Information Disclosure

Vite is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper enforcement of file access restrictions in the dev server, which allows an attacker to bypass deny rules using crafted query parameters and access sensitive files...

CVSS 8.2 | AI score 5.7 | EPSS 0.05147
Exploits: 1 | References: 6 | Affected Software: 1

RedhatCVE
added 2026/04/07 9:52 p.m., 1 view

CVE-2026-39364

A flaw was found in Vite, a frontend tooling framework for JavaScript. On the Vite development server, a remote attacker could exploit this vulnerability by appending specific query parameters, such as ?raw, to requests. This allows the attacker to bypass security restrictions and retrieve...

CVSS 8.2 | AI score 5.8 | EPSS 0.05147
Exploits: 1 | References: 4

SUSE CVE
added 2026/03/31 11:29 p.m., 2 views

SUSE CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

CVSS 3.1 | AI score 5.8 | EPSS 0.00002
Exploits: 0 | References: 4