Lucene search
K

159 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-58014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty...

8.6CVSS6AI score0.00293EPSS
Exploits1References4
NVD
NVD
added 2026/06/30 1:19 p.m.9 views

CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

8.6CVSS0.00293EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 1:19 p.m.4 views

UBUNTU-CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

8.6CVSS5.7AI score0.00293EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/30 12:57 p.m.6 views

CVE-2026-58014

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

8.6CVSS5.8AI score0.00293EPSS
Exploits1
EUVD
EUVD
added 2026/06/30 12:57 p.m.7 views

EUVD-2026-40316

A flaw was found in GLib. An off-by-one error can occur in the gkeyfilegetlocalestringlist function in the gkeyfile.c file when loading a key file with an empty value. This flaw can cause an out-of-bounds access of 1 byte or a denial of service when the out-of-bounds access crosses a page boundar...

7.3CVSS5.8AI score0.00293EPSS
Exploits1References3
Mageia
Mageia
added 2026/06/10 5:7 a.m.14 views

Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

8.8CVSS6.2AI score0.02394EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/06/08 3:11 a.m.944 views

curl: SSH/SFTP connection reuse can bypass SSH key identity after ssh_config_matches removal

Summary: libcurl's SSH/SFTP connection reuse logic no longer binds a pooled SSH connection to the SSH key identity requested by the new transfer. After sshconfigmatches was removed, urlmatchprotoconfig again has no SSH-specific check for CURLOPTSSHPUBLICKEYFILE or CURLOPTSSHPRIVATEKEYFILE. An...

7.7CVSS7.5AI score0.02596EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.8 views

libssh: Use of uninitialized variable in privatekey_from_file()

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS6.6AI score0.00181EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/14 2:58 p.m.10 views

Insufficiently Protected Credentials

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Insufficiently Protected Credentials with the credentialName filter parameter, over the credentials API endpoint. An attacker can access encryptedData, containing encrypted credential data such as API keys,...

6CVSS5.8AI score0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/12 8:2 p.m.33 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.01102EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.14 views

EUVD-2026-29085

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.12 views

pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/11 6:31 p.m.8 views

GHSA-P58C-Q354-6C4F pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/11 5:17 p.m.8 views

Directory Traversal

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to Directory Traversal via the apikeyfile and apiurl preferences in the LLM API configuration endpoints. An attacker can access arbitrary files on the server or induce the server to make requests to internal...

7.1CVSS6.3AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 4:17 p.m.16 views

CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 2:35 p.m.10 views

CVE-2026-7817

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/11 2:35 p.m.20 views

CVE-2026-7817

PgAdmin 4 LLM API configuration endpoints are affected by CVE-2026-7817, which exposes Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). An authenticated user can abuse api_key_file and api_url preferences to read arbitrary server-side files or trigger requests to internal target...

7.1CVSS6AI score0.00217EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 2:35 p.m.11 views

CVE-2026-7817 pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints

Local file inclusion LFI and server-side request forgery SSRF vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by...

7.1CVSS6AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 11:50 p.m.2 views

CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...

3.4CVSS6.6AI score0.00114EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Rapid7 Insight Agent 安全漏洞

Rapid7 Insight Agent is a lightweight software developed by Rapid7 Corporation in the United States. This software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability, which stems from improper permissions settings in the client key file. This...

6.8CVSS5.8AI score0.00075EPSS
Exploits0References1
Rows per page
Query Builder