Lucene search
K

3914 matches found

BDU FSTEC
BDU FSTEC
added 7 hours ago21 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00709EPSS
Exploits1References11Affected Software9
Nuclei
Nuclei
added 11 hours ago6 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS6.1AI score0.03016EPSS
Exploits2References2
Nuclei
Nuclei
added 11 hours ago41 views

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

9.8CVSS7.4AI score0.75556EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added yesterday5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argumen...

6CVSS6.2AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00176EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00176EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week4 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week10 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-972 Core dump when loading TFLite models with quantization in TensorFlow

Impact Certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling...

5.5CVSS6AI score0.00316EPSS
Exploits1References12
OSV
OSV
added 2026/07/06 3:16 a.m.2 views

DEBIAN-CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

5.3CVSS0.00369EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00369EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 8:19 p.m.5 views

EUVD-2026-41641

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00369EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-28705 Gitea repository dumps write release assets using unsafe path names

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

5.3CVSS6AI score0.00369EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/07/03 3:5 a.m.7 views

SUSE CVE-2026-53097

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...

5.8AI score0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55606

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software uses release tag names and asset names as filesystem path components during the process of dumping release assets. This behavior allows specially crafted names to manipulate the resulting...

5.3CVSS6.1AI score0.00369EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 8:31 p.m.4 views

GHSA-227R-JM2G-7CP4 Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission

Summary All Steeltoe actuator endpoints default to EndpointPermissions.Restricted, which is mapped to Cloud Foundry's readbasicdata permission granted to Space Auditors and similar low-trust roles. Sensitive actuators including heap dump, environment, and thread dump do not raise this to...

6.5CVSS5.8AI score0.00231EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer...

6.3CVSS6.3AI score0.00257EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/01 6:20 p.m.5 views

postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory

A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...

8.8CVSS6.6AI score0.00464EPSS
Exploits0References5
Rows per page
Query Builder