Lucene search
K

9427 matches found

OSV
OSV
added 2026/06/24 12:0 a.m.5 views

ALSA-2026:28999 Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/06/24 12:0 a.m.3 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

AlmaLinux 8 : postgresql:16 (ALSA-2026:28143)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28143 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

8.8CVSS6AI score0.00668EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

AlmaLinux 8 : postgresql:13 (ALSA-2026:28208)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28208 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 Tenable has extracted the preceding description blo...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

RHEL 8 : postgresql:12 (RHSA-2026:28999)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28999 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery vi...

8.8CVSS6AI score0.00668EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 9:17 p.m.7 views

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:3 p.m.17 views

CVE-2026-53928

NocoDB (CVE-2026-53928) had a flaw where a stolen refresh token could survive a password-forgot flow and be used to mint new JWTs after password reset. The root cause was that passwordForgot only rotated token_version and revoked OAuth tokens, but did not call UserRefreshToken.deleteAllUserToken(...

6.3CVSS5.9AI score0.00242EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:3 p.m.5 views

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS5.9AI score0.00242EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 8:3 p.m.26 views

CVE-2026-53928 NocoDB: Refresh Tokens Persist Through Password Recovery

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

6.3CVSS0.00242EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2026/06/23 6:0 p.m.5 views

postgresql:13 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS5.9AI score0.00558EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/23 1:42 p.m.6 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2025-71337

Flowise before 3.0.10 affected versions 3.0.7 and earlier contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the...

8.7CVSS0.00296EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 12:12 p.m.13 views

CVE-2025-71337

CVE-2025-71337 affects Flowise before 3.0.10 (impacted: 3.0.7 and earlier). A authenticated user can change the account email via the account profile endpoint without confirming the change to the original email or re-entering the current password, enabling potential account takeover and abuse of ...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References2Affected Software1
Rockylinux
Rockylinux
added 2026/06/23 12:1 p.m.7 views

postgresql:16 security update

An update is available for postgres-decoderbufs, module.postgres-decoderbufs, postgresql, module.pgaudit, module.pgrepack, pgaudit, pgrepack, module.postgresql. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6AI score0.00668EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/23 10:39 a.m.7 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51490

Name of the Vulnerable Software and Affected Versions Flowise versions 3.0.7 and earlier Description An authenticated user can change the account email address, which serves as the login identifier and password-recovery channel, via the account profile endpoint. This process occurs without...

8.7CVSS5.8AI score0.00296EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

RHEL 8 : postgresql:13 (RHSA-2026:28208)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28208 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

RockyLinux 8 : postgresql:13 (RLSA-2026:28208)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28208 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 Tenable has extracted the preceding description...

8.2CVSS6.7AI score0.00558EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/23 12:0 a.m.3 views

Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 For more details about the security issues, including the impact, a CVSS score,...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

RHEL 8 : postgresql:16 (RHSA-2026:28143)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28143 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery vi...

8.8CVSS6AI score0.00668EPSS
Exploits0References6
Rows per page
Query Builder