Lucene search
+L

3940 matches found

BDU FSTEC
BDU FSTEC
added yesterday30 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
EUVD
EUVD
added yesterday6 views

EUVD-2026-45183

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday8 views

Gorse < 0.5.10 - Unauthenticated Database Dump

Gorse 0.5.10 contains an authentication bypass caused by empty adminapikey in /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data, exploit requires default empty adminapikey configuration. id: CVE-2026-56782 info: name: Gorse 0.5.10 -...

9.8CVSS5.3AI score0.03016EPSS
Exploits2References2
CVE
CVE
added yesterday5 views

CVE-2026-51083

Proxmox VE is affected: incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users with limited privileges to obtain hashed passwords via the cloudinit/dump API. The root cause is an access-control issue in the cloudinit/dump endpo...

6.5CVSS5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-60081

A flaw was found in DBI::ProfileData, a Perl module. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a specially crafted input. The flaw exists because the software does not properly limit the path index when processing profile dump files, which can lead to...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago41 views

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

9.8CVSS7.4AI score0.75556EPSS
Exploits4References5
NVD
NVD
added 4 days ago6 views

CVE-2026-47730

Twig is a template language for PHP. From 3.0.0 until 3.26.0, Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName into HTML output without escaping, allowing attacker-controlled template or profile names to inject arbitrary HTML when a browser renders the profiler dum...

5.4CVSS0.00169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argumen...

6CVSS6.2AI score0.00207EPSS
Exploits1References3
OSV
OSV
added 2026/07/10 7:17 p.m.3 views

DEBIAN-CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/07/10 7:17 p.m.8 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00207EPSS
Exploits1References3
OSV
OSV
added 2026/07/10 7:17 p.m.4 views

UBUNTU-CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References5
OSV
OSV
added 2026/07/10 5:59 p.m.4 views

CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References5
OSV
OSV
added 2026/07/10 3:41 p.m.4 views

MGASA-2026-0240 Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References34
OSV
OSV
added 2026/07/09 12:50 p.m.3 views

OESA-2026-2906 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS6.3AI score0.00154EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/07 8:2 p.m.4 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 7:35 p.m.10 views

kernel: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()

A flaw was found in the Linux kernel's nfnetlinkcthelper component. This vulnerability, an out-of-bounds read, occurs in the nfnlcthelperdumptable function when a network connection tracking helper is removed during a dump operation, leading to a bypassed bounds check. A local attacker could...

7.1CVSS5.9AI score0.00132EPSS
Exploits0References5
Rows per page
Query Builder