Lucene search
+L

399 matches found

NVD
NVD
added 2026/07/10 11:16 a.m.12 views

CVE-2026-58225

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS0.00163EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/10 10:51 a.m.6 views

EUVD-2026-42867

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/10 10:51 a.m.9 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 10:51 a.m.13 views

CVE-2026-58225

This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/10 10:51 a.m.36 views

CVE-2026-58225 SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS0.00163EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 11:54 p.m.8 views

CVE-2026-53010

A flaw was found in the Linux kernel's ksmbd component. During a durable reconnect process in the smb2open function, a reference to a durable file descriptor is prematurely dropped. This can lead to a use-after-free vulnerability, potentially resulting in system instability or a denial of service...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53010

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor...

9.8CVSS6AI score0.00435EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38878

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

5.7AI score0.00435EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-53010

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.36 views

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS0.00435EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:29 p.m.14 views

CVE-2026-53010

The CVE-2026-53010 vulnerability is in the Linux kernel ksmbd component. In smb2_open during a durable reconnect, a reference to the durable file descriptor is dropped too early (ksmbd_put_durable_fd(fp)), risking a use-after-free when error handling or scavenger access occurs (fp fields like cre...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/24 4:29 p.m.5 views

CVE-2026-53010 ksmbd: fix use-after-free in smb2_open during durable reconnect

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2open during durable reconnect In smb2open, the call to ksmbdputdurablefdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:29 p.m.11 views

CVE-2026-52996

Technical details are not publicly available in the provided documents. Monitor for updates.

5.5CVSS6AI score0.00135EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/rds: The reconnect-pending bit. When canceling the reconnect worker, care must be taken to reset the reconnect-pending bit. If the reconnect worker has not yet been scheduled before it is canceled, the reconnect-pending bit...

7.5CVSS5.7AI score0.00523EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-fc: The use of lock access to portstate and rportstate was corrected. nvmefcunregisterremote removes the remote port from a lport object at any time when there is no active association. This issue conflicts with the...

6AI score0.00205EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51904

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in smb2 open during durable reconnect In smb2 open, the call to ksmbd put durable fdfp drops the reference to the durable file descriptor early during the durable reconnect process. If an error occurs...

9.8CVSS5.7AI score0.00435EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 5:17 p.m.9 views

CVE-2026-45732

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:52 p.m.40 views

CVE-2026-45732

CVE-2026-45732 affects n8n, an open-source workflow automation platform. The vulnerability lies in the OAuth1/OAuth2 credential reconnect endpoints, which incorrectly authorize access using credential:read instead of credential:update. An authenticated user with read-only access to a shared crede...

8.3CVSS5.9AI score0.00315EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 3:52 p.m.5 views

CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS6AI score0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 3:52 p.m.49 views

CVE-2026-45732 n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00315EPSS
Exploits0References1
Rows per page
Query Builder