Lucene search
+L

161 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:0 a.m.7 views

RLSA-2026:26008 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 12:0 a.m.3 views

ALSA-2026:25925 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS8.1AI score0.02995EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2026/06/11 11:44 a.m.10 views

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS6.6AI score0.02995EPSS
Exploits4References4
Snyk
Snyk
added 2026/03/27 5:12 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the UploadAllFiles function during S3 restore operations when processing tar headers from a supplied backup archive. An attacker can cause the daemon to crash and disrupt the contr...

7.1CVSS5.9AI score0.00385EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/24 9:49 p.m.7 views

NATS JetStream has an authorization bypass through its Management API

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The persistent storage feature, JetStream, has a management API which has many features, amongst which are backup and restore. Problem...

4.9CVSS5.8AI score0.00306EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/02/26 2:16 a.m.6 views

AZL-78593 CVE-2026-27965 affecting package vitess 17.0.7-14

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

9.9CVSS6AI score0.00417EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/06 12:26 a.m.5 views

SUSE CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/05 6:30 p.m.1 views

Authorization Bypass Through User-Controlled Key

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the restore operation. An attacker can gain unauthorized access to restricted operations by extracting the \restrict key in real time and racing the...

7.4CVSS6AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/05 5:30 p.m.5 views

EUVD-2026-5528

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 5:30 p.m.6 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/05 5:30 p.m.6 views

CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/05 5:30 p.m.3 views

CVE-2026-1707 Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS7.2AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.9 views

PT-2026-6603

Name of the Vulnerable Software and Affected Versions pgAdmin version 9.11 Description pgAdmin version 9.11 is susceptible to a restriction bypass issue during restore operations when running in server mode and processing PLAIN-format dump files. An attacker with access to the pgAdmin web interfa...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 8 : postgresql:16 (AXSA:2025-10816:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10816:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

MiracleLinux 9 : postgresql:15 (AXSA:2025-10826:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10826:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 9 : postgresql-13.22-1.el9_6 (AXSA:2025-10796:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10796:04 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 9 : postgresql:16 (AXSA:2025-10800:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10800:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 8 : postgresql:15 (AXSA:2025-10824:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10824:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : postgresql:12 (AXSA:2025-10832:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10832:01 advisory. postgresql: PostgreSQL executes arbitrary code in restore operation CVE-2025-8715 postgresql: PostgreSQL code execution in restore operation...

8.8CVSS8.5AI score0.00736EPSS
Exploits1References3
Rows per page
Query Builder