Lucene search
K

10 matches found

CVE
CVE
added 3 days ago12 views

CVE-2026-53448

Coturn’s CVE-2026-53448 concerns the HTTPS admin panel, where prior to 4.12.0 HTTP query parameters were interpolated into SQL queries without sanitization. The is_secure_string filter guarding the STUN path is not applied to admin panel operations delete-user, delete-secret, and delete-IP, allow...

7.2CVSS6.2AI score0.00677EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.15 views

pgAdmin SQL注入漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...

8.8CVSS6.1AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.2 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 11:17 p.m.5 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS0.00656EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/03 10:39 p.m.2 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00656EPSS
Exploits1References3
OSV
OSV
added 2022/03/11 6:15 p.m.5 views

AZL-9023 CVE-2022-0924 affecting package libtiff for versions less than 4.3.0-2

Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4...

5.5CVSS6.7AI score0.0133EPSS
Exploits1References1
CNVD
CNVD
added 2019/03/27 12:0 a.m.25 views

PostgreSQL Arbitrary Code Execution Vulnerability

PostgreSQL is database software that runs on all major operating systems, including Linux, Windows, Mac OS X, and more. An arbitrary code execution vulnerability exists in PostgreSQL. The vulnerability exists in the import/export data command "COPY TO/FROM PROGRAM", which can be executed by users...

9CVSS9.8AI score0.91877EPSS
Exploits17References1
Debian
Debian
added 2004/08/17 7:6 a.m.24 views

[SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access

-------------------------------------------------------------------------- Debian Security Advisory DSA 538-1 [email protected] http://www.debian.org/security/ Martin Schulze August 17th, 2004 http://www.debian.org/security/faq -...

6.9AI score
Exploits0
OSV
OSV
added 2004/08/17 12:0 a.m.21 views

DSA-538 rsync - unauthorised directory traversal and file access

Bulletin has no description...

6.4CVSS6AI score0.02317EPSS
Exploits0
Positive Technologies
Positive Technologies
added 1999/01/01 12:0 a.m.4 views

PT-1999-1243 · Uucp · Uucp

Name of the Vulnerable Software and Affected Versions: UUCP affected versions not specified Description: The issue is related to the UUCP service being active. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.2AI score0.01293EPSS
Exploits0References2
Rows per page
Query Builder