Lucene search
K

3178 matches found

EUVD
EUVD
added 2026/06/19 11:49 a.m.9 views

EUVD-2026-38006

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 11:49 a.m.39 views

CVE-2026-56141

JetBrains Hub contains a critical vulnerability (CVE-2026-56141) allowing account takeover via predictable restore codes in multiple releases prior to 2026.1.13757 (including 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429). The CVSS 3.1 base score is 9.8 (CRITICAL) with...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in iptables

A buffer overflow in iptables-restore within netfilter iptables version 1.8.2 allows an attacker to at least cause the program to crash or potentially gain control of the system through a specially crafted iptables-save file. This issue is related to the addparamtoargv function in xshared.c...

4.2CVSS6.9AI score0.01809EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/19 3:39 a.m.9 views

CVE-2026-12050

A flaw was found in pgAdmin 4. An authenticated user with an active PostgreSQL session could exploit a SQL injection vulnerability in the named restore point endpoint. This allows the user to execute arbitrary SQL statements through an unexpected path. While this does not grant additional...

8.8CVSS6.1AI score0.00245EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 12:16 a.m.14 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

8.8CVSS0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50875

Name of the Vulnerable Software and Affected Versions JetBrains Hub versions prior to 2026.1.13757 JetBrains Hub versions prior to 2025.3.148033 JetBrains Hub versions prior to 2025.2.148048 JetBrains Hub versions prior to 2025.1.148120 JetBrains Hub versions prior to 2024.3.148430 JetBrains Hub...

9.8CVSS5.9AI score0.00365EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

9.9CVSS6.4AI score0.00354EPSS
Exploits0References43
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.36 views

CVE-2026-12050 pgAdmin 4: SQL injection in named restore point endpoint

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS0.00245EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:37 p.m.8 views

CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

5.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/18 11:37 p.m.41 views

CVE-2026-12050

CVE-2026-12050 concerns pgAdmin 4. An authenticated user with a connected PostgreSQL session can exploit a SQL injection in the named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}) because the user-supplied value is interpolated into SQL via string formatting instead of a...

8.8CVSS5.5AI score0.00245EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50816

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 1.0 through 9.15 Description An issue exists in the named restore point endpoint 'POST /browser/server/restore point/gid/sid' where the user-supplied value field is interpolated directly into the SQL string using str.format...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/17 2:16 p.m.12 views

Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion

Summary Open WebUI's prompt version-history endpoints authorize the promptid in the URL but then act on caller-supplied history IDs without verifying that the history row belongs to that prompt historyentry.promptid == prompt.id. Three operations are affected: - GET...

6.4CVSS5.6AI score0.00169EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 12:57 p.m.17 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

9.8CVSS7.8AI score0.01557EPSS
Exploits1References12
Rockylinux
Rockylinux
added 2026/06/17 12:3 p.m.7 views

valkey security update

An update is available for valkey. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Valkey is an advanced key-value store. It is often referred to as a data...

8.8CVSS6.8AI score0.02995EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2026/06/17 10:41 a.m.8 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
OSV
OSV
added 2026/06/17 6:0 a.m.5 views

RLSA-2026:26008 Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

8.8CVSS6.2AI score0.02995EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/17 6:0 a.m.7 views

redis:6 security update

An update is available for redis, module.redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as ...

8.8CVSS6.4AI score0.02995EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50487

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description Open WebUI contains an authorization flaw in its prompt version-history endpoints. While the system authorizes the prompt id provided in the URL, it fails to verify that the requested history...

6.4CVSS5.9AI score0.00169EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.17 views

RockyLinux 9 : valkey (RLSA-2026:25925)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25925 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...

8.8CVSS6.7AI score0.02995EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/16 1:39 p.m.8 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
Rows per page
Query Builder