1007 matches found
CVE-2026-62355
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...
CVE-2026-62350
TDengine (open-source time-series DB) -- vulnerability CVE-2026-62350 allows a user with create_udf privilege to upload a crafted shared library, install it as a UDF (e.g., eval), and execute arbitrary C code on the server via queries. Root cause: improper validation of UDF loading/execution lead...
CVE-2026-62355
TDengine (TDengine Cloud DB) prior to 3.4.1.15 had a permission issue where a Data Reader admin_user could run create udf and access non-database objects, despite read-only intent for standard users. The vulnerability impact is limited to unauthorized creation of user-defined functions and relate...
CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection
Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...
CVE-2026-56121
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...
Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)
Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server...
CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...
CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...
JLSEC-2026-600
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CVE-2026-20245 Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...
Notepad++ < 8.9.6.1 Multiple Vulnerabilities
The version of Notepad++ installed on the remote host is prior to 8.9.6.1. It is, therefore, affected by multiple vulnerabilities: - A crash caused by any malformed structure that could allow an attacker to cause a denial of service condition. CVE-2026-48770 - An arbitrary code execution...
udf: fix partition descriptor append bookkeeping
...
CVE-2026-45991
In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...
Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models
Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix for the warning when handling the discoveridentity message Since both the source and sink devices can send the discoveridentity message in PD3, the kernel may display a warning. ------------ Cut here ---...
CVE-2026-20210
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
ALPINE-CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
Update May 14, 2026: CISA has updated this Alert to include additional vulnerabilities, CVE-2026-20133 and CVE-2026-20182 and associated resources. The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking SD-WAN systems, including Federa...