Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/05/12 10:42 a.m.6 views

CVE-2026-6665

A flaw was found in PgBouncer, a lightweight connection pooler for PostgreSQL. A malicious backend server can exploit a vulnerability in the Salted Challenge Response Authentication Mechanism SCRAM code. By sending a specially crafted server-final-message with an excessively long nonce, the flaw...

9.8CVSS5.7AI score0.00372EPSS
Exploits0References2
OSV
OSVadded 2026/05/09 1:16 a.m.4 views

DEBIAN-CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.00372EPSS
Exploits0References1
NVD
NVDadded 2026/05/09 1:16 a.m.14 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/09 12:43 a.m.8 views

CVE-2026-6665 PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.00372EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/09 12:43 a.m.7 views

EUVD-2026-28877

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/09 12:43 a.m.6 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/09 12:0 a.m.6 views

PT-2026-39227

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description The SCRAM code fails to correctly check the return value of the strlcat function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCR...

8.1CVSS5.9AI score0.00372EPSS
Exploits0References9
UbuntuCve
UbuntuCveadded 2019/03/06 9:29 p.m.32 views

CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

7.4CVSS6.5AI score0.04961EPSS
Exploits0References2
Rows per page
Query Builder