3962 matches found
CVE-2026-35562 Allocation of resources without limits in parsing components in Amazon Athena ODBC driver
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
CVE-2026-35561
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...
EUVD-2025-209201
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024 Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024 Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects...
CVE-2025-7024
CVE-2025-7024 affects AIRBUS PSS TETRA Connectivity Server on Windows Server. The issue is an Incorrect Default Permissions vulnerability in the TETRA Connectivity Server, enabling a local attacker to place a crafted file in a vulnerable directory to execute arbitrary code with SYSTEM privileges ...
Airbus AIRBUS PSS TETRA Connectivity Server 安全漏洞
Airbus AIRBUS PSS TETRA Connectivity Server is a communication software developed by Airbus. Version 7.0 of Airbus AIRBUS PSS TETRA Connectivity Server contains a security vulnerability. This vulnerability stems from improper default permission settings, which may lead to unauthorized access and...
PT-2026-29994
Name of the Vulnerable Software and Affected Versions AIRBUS PSS TETRA Connectivity Server version 7.0 Description A flaw exists in AIRBUS PSS TETRA Connectivity Server on Windows Server OS that could allow an attacker to execute arbitrary code with SYSTEM privileges if a user is tricked into...
Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)
Unpatched vulnerabilities remain one of the largest drivers of cyber risk, accounting for nearly 60% of cyber compromises. Modern security programs are therefore measured not only by how quickly they discover risk, but also by how efficiently they remediate it. As organizations scale vulnerabilit...
[SECURITY] Fedora 43 Update: containernetworking-plugins-1.9.1-1.fc43
Reference and example networking plugins, maintained by the CNI team. The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only...
CVE-2026-32942
A flaw was found in PJSIP, a multimedia communication library. A remote attacker could exploit a heap use-after-free vulnerability in the Interactive Connectivity Establishment ICE session. This occurs due to race conditions between session destruction and callbacks, potentially allowing for...
CVE-2026-3550
CVE-2026-3550 – RockPress (WordPress) vulnerability : RockPress
CVE-2026-3550 RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpressimport, rockpressimportstatus, rockpresslastimport, rockpressresetimport, and rockpresscheckservices...
EUVD-2026-13520
PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...
CVE-2026-32939
DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...
PT-2026-26591
The RockPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.17. This is due to missing capability checks on multiple AJAX actions rockpress import, rockpress import status, rockpress last import, rockpress reset import, and rockpress check...
CVE-2026-20074 Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
A vulnerability in the Intermediate System-to-Intermediate System IS-IS multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingre...
The Future of Iran’s Internet Is More Uncertain Than Ever
Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining...
Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3166 (ALAS-2026-3166)
The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3166 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a...