247 matches found
EUVD-2026-40009
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::statekey of the file src/query/service/src/servers/http/v1/session/clientsessionmanager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is...
CVE-2026-13512
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::statekey of the file src/query/service/src/servers/http/v1/session/clientsessionmanager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is...
CVE-2026-13512 Databend Tenant client_session_manager.rs state_key authorization
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::statekey of the file src/query/service/src/servers/http/v1/session/clientsessionmanager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is...
PT-2026-53168
Name of the Vulnerable Software and Affected Versions Databend versions prior to 1.2.882 Description An authorization bypass exists in the HTTP Tenant Handler component. The issue resides in the ClientSessionManager::state key function within the src/query/service/src/servers/http/v1/session/clie...
EUVD-2026-36364
Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...
EUVD-2026-36365
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...
CVE-2026-45172
Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...
CVE-2026-45171
Idira Privileged Session Manager (PSM) affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...
CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command
Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...
CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command
Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...
CVE-2026-45172
The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). A authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...
CyberArk Idira Privileged Session Manager 操作系统命令注入漏洞
CyberArk Idira Privileged Session Manager is a privileged session management platform developed by the American company CyberArk. Versions of CyberArk Idira Privileged Session Manager for SSH prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 contained an operating system command injection vulnerability...
PT-2026-48788
Name of the Vulnerable Software and Affected Versions Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2 Idira Privileged Session Manager for SSH PSMP versions prior to 14.6.3 Idira Privileged Session Manager for SSH PSMP versions prior to 14.2.5 Idira Privileged Session Manag...
SUSE CVE-2026-7818
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7818
CVE-2026-7818 affects pgAdmin 4: Unsafe deserialization in FileBackedSessionManager allows an authenticated user with write access to the sessions directory to craft a payload that could lead to operating-system level remote code execution under the pgAdmin process identity. The root cause is des...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data CWE-502 in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Tenable has extracted the...