Lucene search
K

28 matches found

Github Security Blog
Github Security Blog
added 2026/06/11 8:33 p.m.8 views

AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References5Affected Software11
Snyk
Snyk
added 2026/06/05 9:15 p.m.7 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 1:55 p.m.9 views

CVE-2026-9617

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

6.8CVSS5.9AI score0.0025EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/22 2:31 p.m.11 views

GHSA-9237-RG5P-RHFW @saltcorn/data: Tenant user role is used for tenant creation role check

Summary When a tenant admin is logged out of the root domain e.g., saltcorn.com but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context admin, and a new tenant is created on the root domain in...

8.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 2:31 p.m.13 views

@saltcorn/data: Tenant user role is used for tenant creation role check

Summary When a tenant admin is logged out of the root domain e.g., saltcorn.com but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context admin, and a new tenant is created on the root domain in...

5.8AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.3 views

CVE-2026-28696

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS5.9AI score0.00447EPSS
Exploits1References1
OSV
OSV
added 2026/03/04 4:21 p.m.6 views

CVE-2026-28696 Craft affected by IDOR via GraphQL @parseRefs

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS5.9AI score0.00447EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/04 4:21 p.m.6 views

CVE-2026-28696

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS5.9AI score0.00447EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/04 4:21 p.m.29 views

CVE-2026-28696 Craft affected by IDOR via GraphQL @parseRefs

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS0.00447EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/04 4:21 p.m.3 views

CVE-2026-28696 Craft affected by IDOR via GraphQL @parseRefs

Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive...

8.7CVSS5.9AI score0.00447EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/03 8:38 p.m.6 views

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization via the parseRefs directive. An attacker can access sensitive attributes of any element, including user emails, usernames, custom fields, and internal server paths, by...

8.7CVSS5.8AI score0.00447EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/03 8:38 p.m.7 views

Craft CMS has IDOR via GraphQL @parseRefs

The GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs...

8.7CVSS6AI score0.00447EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22948

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and versions prior to 5.9.0-beta.1 Description Craft is a content management system CMS that contains a flaw in the GraphQL directive @parseRefs. This directive, designed to parse internal reference tags,...

8.7CVSS6.1AI score0.00447EPSS
Exploits1References5
OSV
OSV
added 2026/02/11 6:16 p.m.5 views

CVE-2026-2360

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/02/11 6:16 p.m.15 views

CVE-2026-2360

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8CVSS0.00413EPSS
Exploits0References3
OSV
OSV
added 2026/02/11 6:16 p.m.3 views

UBUNTU-CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

8CVSS5.8AI score0.00277EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 5:47 p.m.26 views

CVE-2026-2360 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser privileges in PostgreSQL 14

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8CVSS0.00413EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 5:47 p.m.4 views

CVE-2026-2360

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8CVSS5.6AI score0.00413EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 5:47 p.m.4 views

CVE-2026-2360 Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user to gain superuser privileges in PostgreSQL 14

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

8CVSS5.6AI score0.00413EPSS
Exploits0References3
CVE
CVE
added 2026/02/11 5:47 p.m.20 views

CVE-2026-2360

CVE-2026-2360 affects PostgreSQL Anonymizer. A vulnerability lets a user gain superuser privileges by creating a custom operator in the public schema, placing malicious code there, which is executed with superuser rights when the extension is created. Risk is higher on PostgreSQL 14 or when upgra...

8CVSS5.6AI score0.00413EPSS
Exploits0References3
Rows per page
Query Builder