51 matches found

NVD
added 3 days ago, 9 views

CVE-2026-35095

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session...

CVSS 4.8, EPSS 0.00145
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in mbedtls

Mbed TLS versions before 3.0.1 have a double-free error under certain out-of-memory conditions, as demonstrated by a failure in the mbedtls_ssl_set_session function...

CVSS 9.8, AI score 8.3, EPSS 0.02569
Exploits: 1, References: 1

NVD
added 2026/06/11 1:16 p.m., 10 views

CVE-2026-11956

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

CVSS 6.3, EPSS 0.00191
Exploits: 0, References: 6

Positive Technologies
added 2026/06/11 12:00 a.m., 21 views

PT-2026-48659

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attac...

CVSS 6.3, AI score 4.9, EPSS 0.00191
Exploits: 0, References: 7

OSV
added 2026/04/03 1:27 p.m., 5 views

JLSEC-2026-49

Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...

CVSS 4.2, AI score 6.6, EPSS 0.00705
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2009-3455

Malware in sbrugna...

CVSS 10, AI score 6.2, EPSS 0.02006
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 10 views

EUVD-2006-0685

Malware in sbrugna...

CVSS 1.5, AI score 6.1, EPSS 0.00333
Exploits: 0, References: 14

Redos
added 2024/12/11 12:00 a.m., 243 views

ROS-20241211-02

The CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

CVSS 8.8, AI score 8.6, EPSS 0.04422
Exploits: 1

RedHat Linux
added 2024/12/05 9:17 a.m., 3 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

RedHat Linux
added 2024/12/05 9:15 a.m., 4 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

RedHat Linux
added 2024/12/05 9:15 a.m., 5 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

RedHat Linux
added 2024/12/04 3:41 p.m., 3 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

SUSE Linux
added 2024/12/04 2:54 p.m., 5 views

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

CVSS 8.8, AI score 6.4, EPSS 0.04422
Exploits: 1, References: 16

OSV
added 2024/12/04 2:53 p.m., 17 views

SUSE-SU-2024:4176-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

CVSS 8.8, AI score 7.3, EPSS 0.04422
Exploits: 1, References: 9

SUSE Linux
added 2024/12/04 2:52 p.m., 4 views

Security update for postgresql13

This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

CVSS 8.8, AI score 6.5, EPSS 0.04422
Exploits: 1, References: 16

OSV
added 2024/12/04 2:51 p.m., 14 views

SUSE-SU-2024:4175-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol...

CVSS 8.8, AI score 7.3, EPSS 0.04422
Exploits: 1, References: 9

RedHat Linux
added 2024/12/04 9:24 a.m., 3 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

RedHat Linux
added 2024/12/04 9:24 a.m., 28 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8, AI score 7.3, EPSS 0.04422
Exploits: 1, References: 4

RedHat Linux
added 2024/12/04 8:52 a.m., 3 views

postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID

A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features, resulting in loss of confidentiality, integrity, and availability...

CVSS 4.2, AI score 7.3, EPSS 0.00705
Exploits: 0, References: 5

SUSE Linux
added 2024/11/29 9:26 a.m., 3 views

Security update for postgresql13

This update for postgresql13 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

CVSS 8.8, AI score 7.4, EPSS 0.04422
Exploits: 1, References: 16