Lucene search
K

52870 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/07/01 5:48 p.m.9 views

CVE-2026-47262

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
CVE
CVE
added 2026/07/01 2:7 p.m.34 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

6.5CVSS0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:59 a.m.16 views

CVE-2026-53909

CVE-2026-53909 affects MCO where file upload validation relies solely on client-side checks, allowing an authorized low-priv attacker to upload arbitrary file types to the server. The vulnerability has been confirmed only in version 25.3.3.1, though other versions may also be affected. The docume...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 11:59 a.m.9 views

EUVD-2026-40955

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 a.m.10 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS0.00248EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 6:40 a.m.5 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS8.1AI score0.00464EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40427

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40419

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. The D-Bus client-side implementation of the DBUSCOOKIESHA1 SASL authentication mechanism does not validate the cookiecontext parameter...

7.5CVSS6AI score0.00418EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker c...

7.5CVSS6AI score0.00796EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:16 p.m.3 views

DEBIAN-CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.3CVSS5.9AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2025-36327

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 9:7 p.m.14 views

CVE-2026-58450

Invoice Ninja 5.13.26 contains an open redirect in the client portal login. An unauthenticated attacker can craft a login link with a malicious external URL in the intended parameter, which is stored in the user session without host validation and emitted verbatim via a bare redirect in ContactLo...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:7 p.m.35 views

CVE-2026-58450 Invoice Ninja 5.13.26 - Open Redirect in Client Portal Login via intended Parameter

Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...

5.3CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 8:17 p.m.17 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:17 p.m.31 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:17 p.m.6 views

EUVD-2025-210378

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1
Rows per page
Query Builder