Lucene search
K

197 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS0.00646EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 2:31 p.m.44 views

CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 2:31 p.m.15 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56062

SQLChatAgent validate query dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allow dangerous operations=False, combines a raw-text regex blocklist DANGEROUS SQL PATTERNS with a sqlglot SELECT-only...

9.3CVSS6.2AI score0.00646EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.12 views

Microsoft Windows Narrator Braille Support brlapi Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, Braille support for Narrator must be...

7CVSS6AI score0.00432EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 4:45 p.m.11 views

EUVD-2026-31886

A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function isdangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handler. Executing a manipulation can lead to os command injection. The attack can be executed remotely...

6.5CVSS6.3AI score0.0105EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

PostgreSQL 14.x < 14.23 / 15.x < 15.18 / 16.x < 16.14 / 17.x < 17.10 / 18.x < 18.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 14 prior to 14.23, 15 prior to 15.18, 16 prior to 16.14, 17 prior to 17.10, or 18 prior to 18.4. As such, it is potentially affected by multiple vulnerabilities: - Stack buffer overflow in PostgreSQL module refint allows an unprivileged...

8.8CVSS6.6AI score0.00668EPSS
Exploits0References12
Snyk
Snyk
added 2026/05/14 3:23 p.m.14 views

Use of Inherently Dangerous Function

Overview Affected versions of this package are vulnerable to Use of Inherently Dangerous Function via the PQfn function when called with resultisint=0 in the loexport, loread, lolseek64, and lotell64 functions. An attacker can overwrite client stack memory with arbitrary data by sending a special...

8.8CVSS7.4AI score0.00464EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 1:0 p.m.13 views

EUVD-2026-30283

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.10 views

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40922

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description The use of the dangerous function PQfn..., result is int=...

10CVSS6.1AI score0.00464EPSS
Exploits0References169
Cvelist
Cvelist
added 2026/05/12 4:54 p.m.34 views

CVE-2025-67604

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4....

5.3CVSS0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 4:43 p.m.18 views

CVE-2026-25266

CVE-2026-25266 describes memory corruption in the IOCTL handling path when the device is in power-save state. The entry notes a local issue with low attack complexity and low privileges required, no user interaction, and a high impact on confidentiality, integrity, and availability per CVSS 3.1 (...

7.8CVSS5.8AI score0.00071EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 4:43 p.m.31 views

CVE-2026-25266 Exposed dangerous function in windows host

Memory corruption while processing IOCTL command when device is in power-save state...

5.5CVSS0.00071EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/04/23 12:0 a.m.8 views

Docker Desktop Enhanced Container Isolation Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code within a container in order to exploit this vulnerability. The specific flaw exists within the processing of Docke...

8.8CVSS6AI score0.00211EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.14 views

PT-2026-34799

Name of the Vulnerable Software and Affected Versions Docker Desktop affected versions not specified Description An issue in the Enhanced Container Isolation feature allows for local privilege escalation due to an exposed dangerous function. Recommendations At the moment, there is no information...

8.8CVSS8AI score0.00211EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.10 views

(0Day) Docker Desktop extension-manager Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The specific flaw exists within the the...

8.2CVSS6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33189

Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability...

5.8AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/04/15 12:0 a.m.8 views

Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Gen Self...

7.8CVSS6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/24 9:19 p.m.5 views

CVE-2025-14489

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7.5AI score0.00171EPSS
Exploits0References1
Rows per page
Query Builder