Lucene search

6949 matches found

ATTACKERKB
added 2026/05/14 1:0 p.m., 8 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4, AI score 6.1, EPSS 0.00159
Exploits: 0, References: 2
Vulnrichment
added 2026/05/14 1:0 p.m., 7 views

CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4, AI score 6.1, EPSS 0.00159
Exploits: 0, References: 1
EUVD
added 2026/05/14 1:0 p.m., 10 views

EUVD-2026-30282

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4, AI score 6.1, EPSS 0.00159
Exploits: 0, References: 1
Debian CVE
added 2026/05/14 1:0 p.m., 8 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4, AI score 6.1, EPSS 0.00159
Exploits: 0
Positive Technologies
added 2026/05/14 12:0 a.m., 12 views

PT-2026-40917

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.4; PostgreSQL versions prior to 17.10; PostgreSQL versions prior to 16.14; PostgreSQL versions prior to 15.18; PostgreSQL versions prior to 14.23. Description: Missing authorization in the CREATE TYPE command allows a...

CVSS 8.8, AI score 6, EPSS 0.00668
Exploits: 0, References: 97
Positive Technologies
added 2026/05/14 12:0 a.m., 11 views

PT-2026-40922

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 18.4; PostgreSQL versions prior to 17.10; PostgreSQL versions prior to 16.14; PostgreSQL versions prior to 15.18; PostgreSQL versions prior to 14.23. Description: The use of the dangerous function PQfn(..., result_is_int=...

CVSS 10, AI score 6.1, EPSS 0.00668
Exploits: 0, References: 112
PostgreSQL
added 2026/05/14 12:0 a.m., 17 views

Vulnerability in client (CVE-2026-6477)

PostgreSQL libpq lo functions let server superuser overwrite client stack memory. Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export, lo_read, lo_lseek64, and lo_tell64 functions allows the server superuser to overwrite a client stack buffer with an...

CVSS 8.8, AI score 6.1, EPSS 0.00464
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/13 6:30 p.m., 11 views

EUVD-2026-29909

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 0, References: 2
EUVD
added 2026/05/13 6:30 p.m., 10 views

EUVD-2026-29906

Improper export of Android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

CVSS 7.8, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 2
NVD
added 2026/05/13 6:16 p.m., 22 views

CVE-2026-44003

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

CVSS 5.8, EPSS 0.00248
Exploits: 1, References: 1
CVE
added 2026/05/13 5:30 p.m., 30 views

CVE-2026-44003

vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...

CVSS 5.8, AI score 5.8, EPSS 0.00248
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2026/05/13 5:30 p.m., 33 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

CVSS 5.3, EPSS 0.00248
Exploits: 1, References: 1
Vulnrichment
added 2026/05/13 5:30 p.m., 7 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

CVSS 5.3, AI score 5.8, EPSS 0.00248
Exploits: 1, References: 1
Mageia
added 2026/05/13 7:0 a.m., 12 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv, XSS within status endpoint (CVE-2026-6735). MBString: Fixed GHSA-wm6j-2649-pv75, null pointer dereference in php_mb_check_encoding via mb_ereg_search_init (CVE-2026-7259). OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm SQL injection...

CVSS 9.8, AI score 5.9, EPSS 0.0076
Exploits: 1, References: 2
NVD
added 2026/05/13 6:16 a.m., 12 views

CVE-2026-21020

Improper export of Android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

CVSS 7.8, EPSS 0.00094
Exploits: 0, References: 1
NVD
added 2026/05/13 6:16 a.m., 14 views

CVE-2026-21024

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVSS 6.3, EPSS 0.00091
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 4:56 a.m., 9 views

CVE-2026-21024

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVSS 6.3, AI score 5.8, EPSS 0.00091
Exploits: 0, References: 1
Cvelist
added 2026/05/13 4:56 a.m., 48 views

CVE-2026-21024

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVSS 6.3, EPSS 0.00091
Exploits: 0, References: 1
Vulnrichment
added 2026/05/13 4:56 a.m., 12 views

CVE-2026-21020

Improper export of Android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

CVSS 5.1, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 1
CVE
added 2026/05/13 4:56 a.m., 29 views

CVE-2026-21020

The CVE-2026-21020 issue relates to OmaCP (Android) where improper export of Android application components allows local attackers to trigger privileged functions. Affected component: OmaCP prior to SMR May-2026 Release 1. Root cause is improper export of components that exposes privileged functi...

CVSS 7.8, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 1, Affected Software: 1