Lucene search
K

3952 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.16 views

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic devices. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow symbolic link attacks, which...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 a.m.13 views

EUVD-2026-29360

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 3:16 a.m.14 views

CVE-2026-40133

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 2:21 a.m.10 views

CVE-2026-40133 Missing Authorization check in SAP S/4HANA Condition Maintenance

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:21 a.m.41 views

CVE-2026-40133 Missing Authorization check in SAP S/4HANA Condition Maintenance

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:21 a.m.15 views

CVE-2026-40133

SAP S/4HANA Condition Maintenance is affected by a missing authorization check, enabling an authenticated attacker to view and modify condition table records. The impact is described as low for confidentiality, integrity, and availability. The CVE entries (CVE-2026-40133) reference SAP S/4HANA Co...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 a.m.13 views

CVE-2026-40133

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.9 views

From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World

AI pentesting agents are increasingly credible as offensive security systems, but current benchmarks still provide limited guidance on which will perform best in real-world targets. Existing evaluation protocols assess and optimize for predefined goals such as capture-the-flag, remote code...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

SAP S/4HANA Condition Maintenance 安全漏洞

SAP S/4HANA Condition Maintenance is a conditional maintenance function module developed by SAP, a German company, dedicated to enterprise sales, procurement, and pricing rule management. There is a security vulnerability in SAP S/4HANA Condition Maintenance. This vulnerability stems from the lac...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.10 views

PT-2026-39926

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2026-29083

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 6:31 p.m.13 views

GHSA-HP84-P2GQ-6FVR SQL injection vulnerability in pgAdmin 4 Maintenance Tool

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/11 6:31 p.m.8 views

SQL Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to SQL Injection via the Maintenance Tool. An attacker can execute arbitrary SQL commands and potentially escalate to operating-system command execution on the database host by supplying crafted input to the...

8.8CVSS6.3AI score0.00456EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.11 views

SQL injection vulnerability in pgAdmin 4 Maintenance Tool

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/11 6:31 p.m.14 views

EUVD-2025-209767

A reflected cross-site scripted XSS vulnerability in the dfm-menumaintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS6AI score0.00236EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 4:17 p.m.23 views

CVE-2026-7815

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS0.00456EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.12 views

CVE-2025-61308

A reflected cross-site scripted XSS vulnerability in the dfm-menumaintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 3:23 p.m.7 views

SUSE CVE-2014-0598

Directory traversal vulnerability in iPrint in Novell Open Enterprise Server OES 11 SP1 before Maintenance Update 9151 on Linux has unspecified impact and remote attack vectors...

10CVSS5.8AI score0.02507EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 2:35 p.m.36 views

CVE-2026-7815 pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution

SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields bufferusagelimit, vacuumparallel, vacuumindexcleanup, reindextablespace were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with th...

8.8CVSS0.00456EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 2:35 p.m.22 views

CVE-2026-7815

The CVE-2026-7815 issue affects pgAdmin 4 maintenance tooling. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated into VACUUM/ANALYZE/REINDEX commands and passed to psql --command. An authenticated user with tools_maint...

8.8CVSS6.2AI score0.00456EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder