CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/06/11 11:44 a.m.•8 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.6AI score0.01228EPSS

Exploits4References4

Snyk•added 2026/03/27 5:12 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the UploadAllFiles function during S3 restore operations when processing tar headers from a supplied backup archive. An attacker can cause the daemon to crash and disrupt the contr...

7.1CVSS5.9AI score0.00385EPSS

Exploits1References2

Github Security Blog•added 2026/03/24 9:49 p.m.•4 views

NATS JetStream has an authorization bypass through its Management API

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore. Problem...

4.9CVSS5.8AI score0.00306EPSS

Exploits0References4Affected Software2

OSV•added 2026/02/26 2:16 a.m.•5 views

AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9CVSS6AI score0.00417EPSS

SUSE CVE•added 2026/02/06 12:26 a.m.•3 views

SUSE CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

Snyk•added 2026/02/05 6:30 p.m.•1 views

Exploits0References3

Authorization Bypass Through User-Controlled Key

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the restore operation. An attacker can gain unauthorized access to restricted operations by extracting the \restrict key in real time and racing the...

7.4CVSS6AI score0.00392EPSS

Exploits0References2

OSV•added 2026/02/05 6:16 p.m.•3 views

CVE-2026-1707

6.3CVSS6AI score

Vulnrichment•added 2026/02/05 5:30 p.m.•6 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

EUVD•added 2026/02/05 5:30 p.m.•5 views

EUVD-2026-5528

ATTACKERKB•added 2026/02/05 5:30 p.m.•5 views

CVE-2026-1707

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/05 12:0 a.m.•7 views

PT-2026-6603

Name of the Vulnerable Software and Affected Versions pgAdmin version 9.11 Description pgAdmin version 9.11 is susceptible to a restriction bypass issue during restore operations when running in server mode and processing PLAIN-format dump files. An attacker with access to the pgAdmin web interfa...

Tenable Nessus•added 2026/01/13 12:0 a.m.•3 views

Exploits0References8

MiracleLinux 8 : postgresql:12 (AXSA:2025-10832:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10832:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

Tenable Nessus•added 2026/01/13 12:0 a.m.•2 views

MiracleLinux 8 : postgresql:15 (AXSA:2025-10824:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10824:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

Tenable Nessus•added 2026/01/13 12:0 a.m.•2 views

MiracleLinux 9 : postgresql:16 (AXSA:2025-10800:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10800:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

Tenable Nessus•added 2026/01/13 12:0 a.m.•3 views

MiracleLinux 9 : postgresql-13.22-1.el9_6 (AXSA:2025-10796:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10796:04 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

Tenable Nessus•added 2026/01/13 12:0 a.m.•4 views

MiracleLinux 9 : postgresql:15 (AXSA:2025-10826:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10826:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

Tenable Nessus•added 2026/01/13 12:0 a.m.•4 views

MiracleLinux 8 : postgresql:16 (AXSA:2025-10816:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10816:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

RedhatCVE•added 2026/01/09 9:24 a.m.•3 views

CVE-2023-40716

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup...

7.8CVSS7.3AI score0.00247EPSS

Tenable Nessus•added 2025/12/15 12:0 a.m.•1 views

RHEL 9 : postgresql:15 (RHSA-2025:15014)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15014 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL executes arbitrary code...