6948 matches found

Tenable Nessus
added 2026/05/20 12:0 a.m. | 8 views

Splunk Enterprise 9.3.0 < 9.3.12, 9.4.0 < 9.4.11, 10.0.0 < 10.0.6, 10.2 < 10.2.3 (SVD-2026-0505)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0505 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00377
Exploits: 0 | References: 2
Snyk
added 2026/05/18 8:23 p.m. | 7 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the matches, matchesFull, and replaceMatches functions in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular...

CVSS 8.7 | AI score 5.8 | EPSS 0.00086
Exploits: 0 | References: 2
SUSE CVE
added 2026/05/18 1:22 p.m. | 17 views

SUSE CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 22
SUSE Linux
added 2026/05/18 7:58 a.m. | 8 views

Security update for php8

This update for php8 fixes the following issues: CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776...

CVSS 9.8 | AI score 6.5 | EPSS 0.0076
Exploits: 1 | References: 32
GithubExploit
added 2026/05/17 10:49 a.m. | 86 views

react2shell-poc

日本語 !CAUTION For Authorized Security Re...

CVSS 10 | AI score 8 | EPSS 0.99562
Exploits: 386
ATTACKERKB
added 2026/05/17 9:15 a.m. | 10 views

CVE-2026-8744

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit ha...

CVSS 5.3 | AI score 5.4 | EPSS 0.00455
Exploits: 1 | References: 9
Tenable Nessus
added 2026/05/17 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow use...

CVSS 9.8 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 3
Microsoft CVE
added 2026/05/16 8:4 a.m. | 18 views

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

...

CVSS 8.8 | AI score 5.8 | EPSS 0.00464
Exploits: 0
OSV
added 2026/05/15 6:30 p.m. | 5 views

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVSS 8.1 | AI score 6.3 | EPSS 0.00381
Exploits: 0 | References: 6
NVD
added 2026/05/15 4:16 p.m. | 21 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVSS 8.1 | EPSS 0.00381
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/15 3:27 p.m. | 8 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

AI score 6.3 | EPSS 0.00381
Exploits: 0 | References: 1
EUVD
added 2026/05/15 3:27 p.m. | 11 views

EUVD-2026-30550

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

CVSS 8.1 | AI score 6.3 | EPSS 0.00381
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/15 3:27 p.m. | 7 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

AI score 6.3 | EPSS 0.00381
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/15 12:0 a.m. | 10 views

PT-2026-41310

Name of the Vulnerable Software and Affected Versions: Apache Flink versions 1.15.0 through 1.20.x; Apache Flink versions 2.0.0 through 2.x. Description: Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using...

CVSS 8.1 | AI score 6.3 | EPSS 0.00381
Exploits: 0 | References: 9
UbuntuCve
added 2026/05/14 8:17 p.m. | 11 views

CVE-2026-44638

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointer dereference whenever the allocation fails. The check tests the address of the output parameter alway...

CVSS 2.5 | AI score 5.8 | EPSS 0.00131
Exploits: 1 | References: 2
Snyk
added 2026/05/14 3:22 p.m. | 12 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via integer wraparound in the allocation process. An attacker can execute arbitrary code or cause a segmentation fault by providing specially crafted, large-scale inputs to database functions. Remediation...

CVSS 8.8 | AI score 7.7 | EPSS 0.00668
Exploits: 0 | References: 2
OSV
added 2026/05/14 2:16 p.m. | 9 views

ALPINE-CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4 | AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 1
NVD
added 2026/05/14 2:16 p.m. | 14 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4 | EPSS 0.00159
Exploits: 0 | References: 1
UbuntuCve
added 2026/05/14 2:16 p.m. | 11 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 4
UbuntuCve
added 2026/05/14 2:16 p.m. | 16 views

CVE-2026-6477

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export, lo_read, lo_lseek64, and lo_tell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-lengt...

CVSS 8.8 | AI score 5.9 | EPSS 0.00464
Exploits: 0 | References: 4