Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/05/12 10:42 a.m.4 views

CVE-2026-6665

A flaw was found in PgBouncer, a lightweight connection pooler for PostgreSQL. A malicious backend server can exploit a vulnerability in the Salted Challenge Response Authentication Mechanism SCRAM code. By sending a specially crafted server-final-message with an excessively long nonce, the flaw...

9.8CVSS5.7AI score0.0002EPSS
Exploits0References2
OSV
OSVadded 2026/05/12 8:52 a.m.2 views

BIT-PGBOUNCER-2026-6665 PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.0002EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/05/09 1:16 a.m.3 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.0002EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/09 12:43 a.m.33 views

CVE-2026-6665 PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS0.0002EPSS
Exploits0References1
AlpineLinux
AlpineLinuxadded 2026/05/09 12:43 a.m.8 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.0002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/09 12:43 a.m.6 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.0002EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/09 12:0 a.m.6 views

PT-2026-39227

Name of the Vulnerable Software and Affected Versions PgBouncer versions prior to 1.25.2 Description The SCRAM code fails to correctly check the return value of the strlcat function when constructing the SCRAM client-final-message. A malicious backend can trigger a stack overflow by sending a SCR...

8.1CVSS5.9AI score0.0002EPSS
Exploits0References9
Rows per page
Query Builder