postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

EUVD-2026-29826

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

HashiCorp Nomad vulnerable to a path traversal

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

UBUNTU-CVE-2026-7474

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

PT-2026-40385

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad versions prior to 2.0.1 HashiCorp Nomad Enterprise versions prior to 2.0.1 Description A path traversal attack allows for code execution on the client host. Path traversal is a technique that enables attackers to access files a...

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

CVE-2026-4851

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

SUSE SLES12: postgresql16 / postgresql16-contrib / postgresql16-devel / etc (SUSE-SU-2025:02980-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02980-1 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table bsc1248120...

CVE-2025-2069

A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user...

CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in OLEDB, a component used by clients to communicate with SQL Server. A malicious party could exploit the vulnerability to execute arbitrary execute arbitrary code on the client using OLEDB. The malicious party must trick the victim into contacting a rogue SQL...

Atlassian Jira Server 和 Data Center 跨站脚本漏洞

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. validation, an attacker could exploit the...

The vulnerability of the Parus-Budget unified information system for government management, related to buffer overflows, allows an attacker to execute arbitrary code on the client side.

The vulnerability of the unified information system for government management, Parus-Budget, is related to buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the client side by adding a printer with a name longer than 254 characters...

Fifthplay S.A.M.I Cross-Site Scripting Vulnerability

Fifthplay S.A.M.I is a management interface used in Fifthplay products from Fifthplay Belgium. A cross-site scripting vulnerability exists in versions prior to Fifthplay S.A.M.I 2019.3HP2. The vulnerability stems from the WEB application lacking proper validation of client data. An attacker can...

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

SolarWinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2020-04012)

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-35848)

Craft CMS is a content management system CMS. A cross-site scripting vulnerability exists in Craft CMS versions prior to 3.3.8 that can be exploited by an attacker to execute client-side code...