1033 matches found
CVE-2026-11889 SALTO ProAccess Space Authorization Bypass Through User-Controlled Key
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
CVE-2026-11889
CVE-2026-11889 concerns SALTO ProAccess Space software with the tenancy/partition feature. The issue enables privilege escalation that could let an authenticated attacker access any space managed by the affected installation. Exploitation requires valid authenticated operator credentials and the ...
EUVD-2026-41504
libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...
CVE-2026-53021
A flaw was found in the Linux kernel's SCSI target core. The sbcexecuteunmap function, which handles UNMAP operations, is vulnerable to an integer overflow. This vulnerability occurs because the bounds check for the Logical Block Address LBA and range does not prevent a 64-bit overflow. An attack...
CVE-2026-53021
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbcexecuteunmap checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow che...
PT-2026-51746
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A logical error in the connection pooling mechanism allows the software to reuse an incorrect connection for Negotiate-authenticated requests. This occurs even when the requests are configure...
PT-2026-51915
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the SCSI target core component. The sbc execute unmap function verifies that the Logical Block Address LBA plus the range does not exceed the device capacit...
PT-2026-51909
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the erofs component where the lcn variable was typed as unsigned long or unsigned int. On 32-bit platforms, this variable is only 32 bits wide, leading to the truncati...
Inefficient Algorithmic Complexity
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the query-depth processing in validateQueryDepth and...
SUSE-SU-2026:22149-1 Security update for postgresql17
This update for postgresql17 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...
CVE-2026-47224
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
CVE-2026-47224
Summary: CVE-2026-47224 affects NanaZip on Windows: a heap buffer-overflow read in the LVM2 physical-volume metadata parser (via the upstream 7-Zip LvmHandler) can be triggered by opening a crafted LVM disk image. Affected are NanaZip versions 3.0.1000.0 through 6.0.1697.999; the issue is fixed i...
CVE-2026-47224 NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
CVE-2026-47224 NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
EUVD-2026-36507
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...
@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...
Security update for postgresql17
This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against...
JLSEC-2026-608
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...
postgresql: PostgreSQL: Arbitrary SQL execution via SQL injection in logical replication
A flaw was found in PostgreSQL. This SQL injection vulnerability exists within the logical replication feature, specifically when using the ALTER SUBSCRIPTION ... REFRESH PUBLICATION command. A malicious subscriber table creator can exploit this flaw to execute arbitrary SQL commands with the...
CVE-2025-70100
CVE-2025-70100 affects lwext4 1.0.0. A divide-by-zero in ext4_block_set_lb_size (src/ext4_blockdev.c) can cause denial of service when processing a malformed ext4 image, triggering a Floating-Point Exception or crash due to missing lb_size validation during mount/image handling. Connected sources...