Lucene search
K

1007 matches found

NVD
NVD
added yesterday6 views

CVE-2026-62355

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...

5.4CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-62350

TDengine (open-source time-series DB) -- vulnerability CVE-2026-62350 allows a user with create_udf privilege to upload a crafted shared library, install it as a UDF (e.g., eval), and execute arbitrary C code on the server via queries. Root cause: improper validation of UDF loading/execution lead...

7.2CVSS6.3AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-62355

TDengine (TDengine Cloud DB) prior to 3.4.1.15 had a permission issue where a Data Reader admin_user could run create udf and access non-database objects, despite read-only intent for standard users. The vulnerability impact is limited to unauthorized creation of user-defined functions and relate...

5.4CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 8:12 p.m.32 views

CVE-2026-48800 Notepad++: Arbitrary Code Execution via shortcuts.xml UserCommand Injection

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag text content inside in shortcuts.xml is read by NppXml::valueaNode Parameters.cpp:3658 in the feedUserCmds function and stored in UserCommand.cmd without any validation. When the user clicks the corresponding entry ...

7.8CVSS0.0036EPSS
Exploits3References2
NVD
NVD
added 2026/06/24 4:16 p.m.8 views

CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS0.00862EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 2:38 p.m.3 views

Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)

Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server...

6.5CVSS5.3AI score0.00328EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 4:21 p.m.6 views

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.6AI score0.07683EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/12 2:11 p.m.30 views

CVE-2026-8694 Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints...

0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:54 p.m.10 views

JLSEC-2026-600

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 10:33 p.m.68 views

CVE-2026-20245 Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

7.8CVSS0.25323EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.78 views

Notepad++ < 8.9.6.1 Multiple Vulnerabilities

The version of Notepad++ installed on the remote host is prior to 8.9.6.1. It is, therefore, affected by multiple vulnerabilities: - A crash caused by any malformed structure that could allow an attacker to cause a denial of service condition. CVE-2026-48770 - An arbitrary code execution...

7.8CVSS6.6AI score0.01314EPSS
Exploits8References8
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:4 a.m.10 views

udf: fix partition descriptor append bookkeeping

...

7.8CVSS5.4AI score0.00169EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/27 12:55 p.m.12 views

CVE-2026-45991

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

7.8CVSS5.7AI score0.00169EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/25 12:0 a.m.14 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix for the warning when handling the discoveridentity message Since both the source and sink devices can send the discoveridentity message in PD3, the kernel may display a warning. ------------ Cut here ---...

5.5CVSS5.5AI score0.00165EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 5:16 p.m.51 views

CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

5.4CVSS0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 2:16 p.m.12 views

ALPINE-CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6.1AI score0.00159EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 2:16 p.m.13 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.14 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6.1AI score0.00159EPSS
Exploits0
CISA
CISA
added 2026/05/14 12:0 p.m.28 views

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

Update May 14, 2026: CISA has updated this Alert to include additional vulnerabilities, CVE-2026-20133 and CVE-2026-20182 and associated resources. The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking SD-WAN systems, including Federa...

10CVSS7.4AI score0.88496EPSS
In wildExploits15References18
Rows per page
Query Builder