CVE-2026-12046
CVE-2026-12046: pgAdmin 4 exposes unauthenticated deserialization sink in SQL Editor close and update_connection routes (DELETE /sqleditor/close/, POST /sqleditor/initialize/sqleditor/update_connection///). Missing @pga_login_required allows unauthenticated access to pickle.loads on session['grid...
CVE-2026-12045 pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...
CVE-2026-12045
CVE-2026-12045 affects pgAdmin 4 (from version 9.13 up to, but not including, 9.16) and concerns the AI Assistant read-only transaction bypass. A prompt-injection vulnerability allows an attacker who can influence content seen by the AI Assistant to craft LLM-generated SQL payloads that bypass the BEGIN T...
CVE-2026-56078
PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...
GHSA-JC38-X7X8-2XC8
creationtimestamp | type | source
---|---|---
2026-06-18 23:11:33+00:00 | seen | https://gist.github.com/alon710/c26988bce97f88a79fd114238aa121f6...
GHSA-5739-39V2-5754
creationtimestamp | type | source
---|---|---
2026-06-18 22:41:42+00:00 | seen | https://gist.github.com/alon710/c128a0f63af7d1e750d123d65278758d...
MAL-2026-6144 Malicious code in runtime-query (npm)
Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e. On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...
Malicious code in runtime-query (npm)
Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e. On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...
Malicious code in clx-cookie-signature (npm)
Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3. Package impersonates the popular cookie-signature library, copying its README, author field 'TJ Holowaychuk', and sign/unsign API, but index.js adds ...
DEBIAN-CVE-2026-43994
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...
CVE-2026-43994
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...
MINI-6CQ8-PPPP-94WQ
Bulletin has no description...
MINI-9G35-C55Q-6PP7
Bulletin has no description...
UBUNTU-CVE-2026-43994
Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t nonce_len field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...
CVE-2026-53655 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, saf, pulumi, actions-runner, prism, wazuh-dashboard-fips, renovate, opensearch-dashboards, npm, wazuh-dashboard, graalvm, code-server, homepage...
GHSA-VMF3-W455-68VH vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, saf, pulumi, actions-runner, prism, wazuh-dashboard-fips, renovate, opensearch-dashboards, npm, wazuh-dashboard, graalvm, code-server, homepage...
GHSA-R7G4-QG5F-QQM2 vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2026-53655 vulnerabilities
Vulnerabilities for packages: npm, pulumi, saf, prism, code-server, renovate...
GHSA-VMF3-W455-68VH vulnerabilities
Vulnerabilities for packages: npm, pulumi, saf, prism, code-server, renovate...
CVE-2026-25865
Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attacker...