884 matches found
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...
CVE-2026-2006
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation of multibyte character length in text manipulation. An attacker can execute arbitrary code as the operating system user running the database by issuing specially crafted queries...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the intarray extension selectivity estimator function. An attacker can execute arbitrary code as the operating system user running the database by providing specially crafted input...
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2005
CVE-2026-2005 is a heap buffer overflow in PostgreSQL pgcrypto that allows a ciphertext provider to execute code as the DB OS user. Affected: PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, 14.21. Connected advisories confirm this CVE alongside related issues (CVE-2026-2003, -2004, -2006) be...
CVE-2026-2005
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
CVE-2026-2004
CVE-2026-2004 affects PostgreSQL with the intarray extension: the selectivity estimator’s input type validation is missing, enabling arbitrary code execution as the database OS user. Affected versions are before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. The document provides the exploitatio...
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
Linux Distros Unpatched Vulnerability : CVE-2026-2004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the...
Vulnerability in core server (CVE-2026-2006)
PostgreSQL missing validation of multibyte character length executes arbitrary code Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the...
CVE-2025-69426
The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...
CVE-2025-37169
CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...
CVE-2023-31298
Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...
CVE-2018-14993
The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of...
CVE-2022-37199
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/user/list...