Lucene search

34 matches found

Cvelist
added 2026/05/11 2:35 p.m. · 28 views

CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

9.9 CVSS · 0.0007 EPSS
Exploits 0 · References 2

RedHat Linux
added 2026/04/14 5:18 p.m. · 2 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9 CVSS · 5.7 AI score · 0.0002 EPSS
Exploits 1 · References 5

RedHat Linux
added 2026/03/23 6:09 p.m. · 3 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9 CVSS · 5.7 AI score · 0.0002 EPSS
Exploits 1 · References 5

NVD
added 2026/02/18 12:16 a.m. · 5 views

CVE-2026-22048

StorageGRID formerly StorageGRID Webscale versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID formerly Azure AD as an IdP are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an authenticated...

7.1 CVSS · 0.00018 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/02/17 12:00 a.m. · 3 views

PT-2026-20299

Name of the Vulnerable Software and Affected Versions StorageGRID versions prior to 11.9.0.12 StorageGRID versions prior to 12.0.0.4 Description StorageGRID, formerly known as StorageGRID Webscale, is affected by a Server-Side Request Forgery SSRF issue when Single Sign-on SSO is enabled and...

7.1 CVSS · 5.5 AI score · 0.00018 EPSS
Exploits 0 · References 9

Positive Technologies
added 2026/02/11 12:00 a.m. · 4 views

PT-2026-7561

An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of...

6.9 CVSS · 5.6 AI score · 0.00053 EPSS
Exploits 0 · References 2

OSV
added 2024/07/01 11:18 a.m. · 9 views

BIT-HUBBLE-UI-BACKEND-2023-27593

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...

5.5 CVSS · 5.3 AI score · 0.00022 EPSS
Exploits 0 · References 6

OSV
added 2024/02/02 11:06 a.m. · 2 views

OESA-2024-1124 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prio...

6.5 CVSS · 6.7 AI score · 0.12319 EPSS
Exploits 1 · References 2

Debian CVE
added 2023/12/14 9:31 p.m. · 17 views

CVE-2023-49343

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8 CVSS · 7.3 AI score · 0.00032 EPSS
Exploits 0

OSV
added 2023/12/14 12:00 a.m. · 1 views

UBUNTU-CVE-2023-49342

Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

7.8 CVSS · 5.8 AI score · 0.00034 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/12/14 12:00 a.m. · 2 views

PT-2023-31174 · Unknown +3 · Budgie Extras Dropby Applet +3

Name of the Vulnerable Software and Affected Versions: Budgie Extras Dropby applet affected versions not specified Description: Temporary data passed between application components by the Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that...

7.8 CVSS · 7.2 AI score · 0.00055 EPSS
Exploits 0 · References 27

Positive Technologies
added 2023/12/14 12:00 a.m. · 2 views

PT-2023-31178 · Unknown +3 · Budgie Extras +3

Name of the Vulnerable Software and Affected Versions: Budgie Extras affected versions not specified Description: Temporary data passed between application components by Budgie Extras could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who h...

7.8 CVSS · 7.2 AI score · 0.00055 EPSS
Exploits 0 · References 27

CNNVD
added 2023/07/11 12:00 a.m. · 3 views

SAP SQL Anywhere security vulnerability

SAP SQL Anywhere is a SAP-specific relational database management system from SAP, Germany. A security vulnerability exists in SAP SQL Anywhere, which originates from the ability to prevent legitimate users from accessing the service by crashing it...

7.8 CVSS · 7.3 AI score · 0.00044 EPSS
Exploits 0 · References 3

Microsoft CVE
added 2023/04/25 7:00 a.m. · 2 views

vitess allows users to create keyspaces that can deny access to already existing keyspaces

...

4.1 CVSS · 4.6 AI score · 0.00469 EPSS
Exploits 0

Github Security Blog
added 2023/04/11 9:12 p.m. · 22 views

vitess allows users to create keyspaces that can deny access to already existing keyspaces

Impact Users can either intentionally or inadvertently create a keyspace containing / characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using vtctldclient GetKeyspaces will also return an error. Note th...

4.1 CVSS · 4.6 AI score · 0.00469 EPSS
Exploits 0 · References 5 · Affected Software 1

SUSE CVE
added 2023/02/15 6:14 a.m. · 2 views

SUSE CVE-2006-5158

The nlmclntmarkreclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service process crash and deny access to NFS exports via unspecified vectors that trigger a kernel oops null dereference and a deadlock...

7.5 CVSS · 6.8 AI score · 0.04045 EPSS
Exploits 0 · References 3

Packet Storm
added 2022/11/25 12:00 a.m. · 288 views

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Trojan.Win32.DarkNeuron.gen Vulnerability: Named...

7.4 AI score
Exploits 0

GithubExploit
added 2021/05/22 3:58 p.m. · 354 views

Exploit for OS Command Injection in Apache Airflow

CVE-2020-11978: Remote code execution in Apache Airflow's Exa...

9.8 CVSS · 9.7 AI score · 0.94272 EPSS
Exploits 10

OSV
added 2019/07/30 5:15 p.m. · 0 views

UBUNTU-CVE-2018-16871

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to...

7.5 CVSS · 6.9 AI score · 0.01496 EPSS
Exploits 0 · References 3

Debian CVE
added 2019/06/28 5:26 p.m. · 18 views

CVE-2018-14887

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request...

6.5 CVSS · 6.3 AI score · 0.00431 EPSS
Exploits 0