Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/06/05 7:7 p.m.9 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 7:7 p.m.29 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 8:13 p.m.9 views

link-preview-js vulnerable to IPv6 and internal loopback attacks

Impact The library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. Patches Problem has been patched in version 4.0.1. However, it cannot be completely solved by the package alone. T...

8.7CVSS5.5AI score0.00432EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/05 8:13 p.m.11 views

Server-side Request Forgery (SSRF)

Overview link-preview-js is a Javascript module to extract and fetch HTTP link information from blocks of text. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of IPv6 and internal addresses during the DNS resolution process. An attacke...

8.7CVSS5.8AI score0.00432EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.4 views

PT-2024-4329

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 3.1.3 Apache Superset version 4.0.0 Description The issue is related to improper input validation in Apache Superset, allowing an authenticated attacker to create a MariaDB connection with local infile enabled...

6.8CVSS6.8AI score0.01571EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2024/03/20 12:0 a.m.3 views

PT-2025-2399 · Hive · Hive

Name of the Vulnerable Software and Affected Versions: Hive versions prior to 4.0.1 Description: The issue arises when Hive creates a credentials file in a temporary directory with default permissions of 644, allowing any unauthorized user with access to the directory to read sensitive informatio...

5.5CVSS7.6AI score0.00274EPSS
Exploits0References20
exploitpack
exploitpack
added 1999/02/22 12:0 a.m.14 views

Qbik WinGate 3.0Pro 4.0.1Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)

Qbik WinGate 3.0Pro 4.0.1Standard 4.0.1 - Buffer Overflow Denial of Service PoC source: https://www.securityfocus.com/bid/509/info WinGate's Winsock redirector service is susceptible to a buffer overflow vilnerability that will crash all WinGate services. !/usr/bin/python Qbik Wingate 3.0 DoS Pro...

7.4AI score
Exploits0
Rows per page
Query Builder