Lucene search
K

2996 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 7:34 p.m.5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774

Summary : ProxySQL 3.0.0–3.0.8 allows read-only requests to execute multi-statement backends, enabling unintended writes via the MCP run_sql_readonly tool. The input validator uses a blacklist/allowlist on the first statement, but then runs the full string against a backend connection created wit...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 5:59 p.m.23 views

CVE-2026-49291

mcp-memory-service (semantic memory layer for AI apps) exposed the HTTP MCP JSON-RPC endpoint at /mcp such that OAuth read scope allowed mutating actions. Before patch 10.65.3, a read-only OAuth client could invoke tools/call to reach store_memory and delete_memory, bypassing REST write scope che...

8.1CVSS5.9AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:59 p.m.21 views

CVE-2026-49291 mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call

mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at /mcp requires only OAuth read scope for all requests, then dispatches tools/call directly to handlers that include mutating tools. A read-only OAuth client can call...

8.1CVSS0.00264EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 3:16 p.m.15 views

CVE-2026-52908

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

7.8CVSS0.00129EPSS
Exploits0References5
NVD
NVD
added 2026/06/19 2:16 p.m.16 views

CVE-2026-4026

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 12:59 p.m.19 views

CVE-2026-4026

The CVE-2026-4026 entry affects FlexNet Manager Suite 2025 R1. An authenticated user with read-only access to account settings can escalate privileges to Administrator. The issue has a CVSS 4.0 base score of 8.7 (HIGH) with attack vector Network, low attack complexity, and no user interaction req...

8.7CVSS5.7AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 12:59 p.m.31 views

CVE-2026-4026 FlexNet Manager Suite Privilege Escalation Vulnerability

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:59 p.m.11 views

EUVD-2026-38010

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS5.7AI score0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:59 p.m.5 views

CVE-2026-4026

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 that could allow an authenticated user with read-only access to account settings to escalate their privileges to Administrator level...

8.7CVSS5.7AI score0.00255EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: khugepaged: skip huge page collapse for special files The read-only THP for file systems will collapse the THP for files that are opened in read-only mode and mapped with VMEXEC. The intended use case is to avoid TLB misses f...

5.5CVSS5.8AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not set SBRDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we previously set the SBRDONLY flag to prevent any further modifications to the filesystem. We knew that this approach misse...

5.5CVSS6AI score0.00204EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swapspace attribute to avoid kernel panic The commit 8b47299a411a “mm, swap: mark swap address space as read-only and add context debug check” made the swap address space read-only. This could lead to kernel pan...

5.5CVSS5.7AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 12:16 a.m.13 views

CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00482EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50881

Name of the Vulnerable Software and Affected Versions FlexNet Manager Suite 2025 R1 Description An issue exists where an authenticated user with read-only access to account settings can escalate their privileges to the Administrator level. Recommendations At the moment, there is no information...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51017

Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...

7.5CVSS5.9AI score0.00226EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.40 views

CVE-2026-12045 pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00482EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.97 views

CVE-2026-12045

The CVE-2026-12045 affects pgAdmin 4 (from version 9.13 up to before 9.16) and concerns the AI Assistant read-only transaction bypass. A prompt-injection vulnerability allows an attacker who can influence content seen by the AI Assistant to craft LLM-generated SQL payloads that bypass the BEGIN T...

9.4CVSS7AI score0.00482EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.12 views

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23238)

"In the Linux kernel, the following vulnerability has been resolved: romfs: check sbsetblocksize return value romfsfillsuper ignores the return value of sbsetblocksize, which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by setti...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References3
Rows per page
Query Builder