21 matches found

EUVD
added 2026/05/12 9:31 p.m., 4 views

EUVD-2026-29826

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 2

Github Security Blog
added 2026/05/12 9:31 p.m., 5 views

HashiCorp Nomad vulnerable to a path traversal

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/05/12 8:16 p.m., 3 views

UBUNTU-CVE-2026-7474

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 3

Vulnrichment
added 2026/05/12 7:09 p.m., 4 views

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 1

Positive Technologies
added 2026/05/12 12:00 a.m., 6 views

PT-2026-40385

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVSS 8.8, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 2

Cvelist
added 2026/05/01 12:00 a.m., 24 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

EPSS 0.02308
Exploits: 2, References: 3

ATTACKERKB
added 2026/03/29 12:22 a.m., 1 view

CVE-2026-4851

GRID::Machine versions through 0.127 for Perl allow arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

AI score 6.6, EPSS 0.00095
Exploits: 0, References: 2

RedHat Linux
added 2025/09/02 6:54 a.m., 4 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

CVSS 8.8, AI score 7.8, EPSS 0.00048
Exploits: 1, References: 5

RedHat Linux
added 2025/09/02 5:07 a.m., 3 views

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pg_dump, pg_dumpall, and pg_restore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

CVSS 8.8, AI score 7.8, EPSS 0.00048
Exploits: 1, References: 5

Tenable Nessus
added 2025/08/26 12:00 a.m., 2 views

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2025:02980-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02980-1 advisory. Upgraded to 16.10: CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120)...

CVSS 8.8, AI score 8.6, EPSS 0.00085
Exploits: 2, References: 10

Cvelist
added 2025/04/25 3:26 p.m., 12 views

CVE-2025-2069

A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted URL is visited by a local user...

CVSS 5.1, EPSS 0.00044
Exploits: 0, References: 1

Cvelist
added 2024/12/10 5:49 p.m., 23 views

CVE-2024-49124 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

...

CVSS 8.1, EPSS 0.00394
Exploits: 0, References: 1

NCSC
added 2023/08/08 12:00 a.m., 3 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in OLEDB, a component used by clients to communicate with SQL Server. A malicious party could exploit the vulnerability to execute arbitrary code on the client using OLEDB. The malicious party must trick the victim into contacting a rogue SQL...

CVSS 8.8, AI score 7.9, EPSS 0.00399
Exploits: 0

CNNVD
added 2021/02/14 12:00 a.m., 1 view

Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. validation, an attacker could exploit the...

CVSS 6.1, AI score 6.5, EPSS 0.00389
Exploits: 0, References: 2

CNVD
added 2020/04/24 12:00 a.m., 7 views

Fifthplay S.A.M.I Cross-Site Scripting Vulnerability

Fifthplay S.A.M.I is a management interface used in Fifthplay products from Fifthplay Belgium. A cross-site scripting vulnerability exists in versions prior to Fifthplay S.A.M.I 2019.3HP2. The vulnerability stems from the web application lacking proper validation of client data. An attacker can...

CVSS 6.1, AI score 6.1, EPSS 0.00521
Exploits: 1, References: 1

NVD
added 2020/02/25 5:15 p.m., 13 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

CVSS 10, AI score 9.6, EPSS 0.88136
Exploits: 10, References: 11

CNVD
added 2020/01/19 12:00 a.m., 1 view

SolarWinds Orion Platform Cross-Site Scripting Vulnerability (CNVD-2020-04012)

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and analysis of network devices and supports a customizable web interface, multiple user opinions, and a mapped view of the entire network. A...

CVSS 6.1, AI score 6.4, EPSS 0.01907
Exploits: 0, References: 1

CNVD
added 2019/10/12 12:00 a.m., 1 view

Craft CMS Cross-Site Scripting Vulnerability (CNVD-2019-35848)

Craft CMS is a content management system (CMS). A cross-site scripting vulnerability exists in Craft CMS versions prior to 3.3.8 that can be exploited by an attacker to execute client-side code...

CVSS 6.1, AI score 6.4, EPSS 0.00328
Exploits: 0, References: 1

CNVD
added 2019/08/12 12:00 a.m., 1 view

UNA Cross-Site Scripting Vulnerability

UNA is a full-stack software platform for building custom community websites, social networks and collaboration centers. A cross-site scripting vulnerability exists in studio/buildermenu.php?page=sets in UNA version 10.0.0-RC1, which stems from a lack of proper validation of client-side data in t...

CVSS 4.8, AI score 6.4, EPSS 0.00219
Exploits: 0, References: 1

CNVD
added 2019/07/25 12:00 a.m., 2 views

WordPress Genetechsolutions Pie Register Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Genetechsolutions Pie Register is a website registration plugin used in it. A cross-site scripting vulnerability exists in WordPress...

CVSS 6.1, AI score 6.3, EPSS 0.0034
Exploits: 0, References: 1