Lucene search
K

884 matches found

OSV
OSV
added 2026/02/12 2:16 p.m.3 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.2AI score0.00785EPSS
Exploits0References1
NVD
NVD
added 2026/02/12 2:16 p.m.5 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS0.00785EPSS
Exploits0References34
NVD
NVD
added 2026/02/12 2:16 p.m.9 views

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS0.01079EPSS
Exploits0References34
UbuntuCve
UbuntuCve
added 2026/02/12 2:16 p.m.5 views

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS6.2AI score0.01079EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/02/12 2:16 p.m.5 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS5.9AI score0.00785EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/12 1:57 p.m.4 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via improper validation of multibyte character length in text manipulation. An attacker can execute arbitrary code as the operating system user running the database by issuing specially crafted queries...

8.8CVSS6.3AI score0.01079EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/12 1:55 p.m.2 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the intarray extension selectivity estimator function. An attacker can execute arbitrary code as the operating system user running the database by providing specially crafted input...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 1:0 p.m.4 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References2
CVE
CVE
added 2026/02/12 1:0 p.m.162 views

CVE-2026-2005

CVE-2026-2005 is a heap buffer overflow in PostgreSQL pgcrypto that allows a ciphertext provider to execute code as the DB OS user. Affected: PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, 14.21. Connected advisories confirm this CVE alongside related issues (CVE-2026-2003, -2004, -2006) be...

8.8CVSS6.4AI score0.01208EPSS
Exploits3References34Affected Software1
AlpineLinux
AlpineLinux
added 2026/02/12 1:0 p.m.3 views

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.4AI score0.01208EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2026/02/12 1:0 p.m.3 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.1AI score0.00785EPSS
Exploits0
CVE
CVE
added 2026/02/12 1:0 p.m.54 views

CVE-2026-2004

CVE-2026-2004 affects PostgreSQL with the intarray extension: the selectivity estimator’s input type validation is missing, enabling arbitrary code execution as the database OS user. Affected versions are before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21. The document provides the exploitatio...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References34Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/12 1:0 p.m.7 views

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the...

8.8CVSS6.3AI score0.00785EPSS
Exploits0References3
PostrgeSql
PostrgeSql
added 2026/02/12 12:0 a.m.32 views

Vulnerability in core server (CVE-2026-2006)

PostgreSQL missing validation of multibyte character length executes arbitrary code Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the...

8.8CVSS6.4AI score0.01079EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.7 views

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10CVSS7.4AI score0.00387EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 8:3 p.m.11 views

CVE-2025-37169

CVE-2025-37169 affects the AOS-10 web-based management interface of a Mobility Gateway; a stack overflow could allow an authenticated attacker to execute arbitrary code as a privileged OS user. Evidence across connected advisories confirms the issue is in ArubaOS (AOS-10) web management, with rem...

7.2CVSS7.3AI score0.00477EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.5 views

CVE-2023-31298

Cross Site Scripting XSS vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user...

4.8CVSS6.5AI score0.00436EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:24 p.m.6 views

CVE-2018-14993

The ASUS Zenfone V Live Android device with a build fingerprint of asus/VZWASUSA009/ASUSA009:7.1.1/NMF26F/14.0610.1802.78-20180313:user/release-keys and the Asus ZenFone 3 Max Android device with a build fingerprint of...

7.8CVSS7.1AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.3 views

CVE-2022-37199

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinalcms/system/user/list...

9.8CVSS8.1AI score0.00777EPSS
Exploits1References1
Rows per page
Query Builder