10 matches found
CVE-2026-53448
Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...
pgAdmin SQL注入漏洞
pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...
CVE-2026-34612
Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...
CVE-2026-34612
Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...
CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection
Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...
AZL-9023 CVE-2022-0924 affecting package libtiff for versions less than 4.3.0-2
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4...
PostgreSQL Arbitrary Code Execution Vulnerability
PostgreSQL is database software that runs on all major operating systems, including Linux, Windows, Mac OS X, and more. An arbitrary code execution vulnerability exists in PostgreSQL. The vulnerability exists in the import/export data command "COPY TO/FROM PROGRAM", which can be executed by users...
[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
-------------------------------------------------------------------------- Debian Security Advisory DSA 538-1 [email protected] http://www.debian.org/security/ Martin Schulze August 17th, 2004 http://www.debian.org/security/faq -...
DSA-538 rsync - unauthorised directory traversal and file access
Bulletin has no description...
PT-1999-1243 · Uucp · Uucp
Name of the Vulnerable Software and Affected Versions: UUCP affected versions not specified Description: The issue is related to the UUCP service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...