7 matches found
CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...
CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...
link-preview-js vulnerable to IPv6 and internal loopback attacks
Impact The library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. Patches Problem has been patched in version 4.0.1. However, it cannot be completely solved by the package alone. T...
Server-side Request Forgery (SSRF)
Overview link-preview-js is a Javascript module to extract and fetch HTTP link information from blocks of text. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of IPv6 and internal addresses during the DNS resolution process. An attacke...
PT-2024-4329
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 3.1.3 Apache Superset version 4.0.0 Description The issue is related to improper input validation in Apache Superset, allowing an authenticated attacker to create a MariaDB connection with local infile enabled...
PT-2025-2399 · Hive · Hive
Name of the Vulnerable Software and Affected Versions: Hive versions prior to 4.0.1 Description: The issue arises when Hive creates a credentials file in a temporary directory with default permissions of 644, allowing any unauthorized user with access to the directory to read sensitive informatio...
Qbik WinGate 3.0Pro 4.0.1Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)
Qbik WinGate 3.0Pro 4.0.1Standard 4.0.1 - Buffer Overflow Denial of Service PoC source: https://www.securityfocus.com/bid/509/info WinGate's Winsock redirector service is susceptible to a buffer overflow vilnerability that will crash all WinGate services. !/usr/bin/python Qbik Wingate 3.0 DoS Pro...