900 matches found
ETQ Reliance - Authentication Bypass via Trailing Space
An authentication bypass vulnerability exists in ETQ Reliance on the CG legacy platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login pag...
CVE-2026-20296
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
CVE-2026-20296
The provided records identify CVE-2026-20296 as a CSRF-based bypass in Splunk Deployment Server within Splunk Enterprise and Splunk Cloud Platform. Affected versions are Splunk Enterprise below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform below 10.5.2605.0, 10.4.2604.7, 10.3.2512...
CVE-2026-20296
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...
PT-2026-60233
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Cloud Platform versions prior to 10.5.2605.0 Splunk Cloud Platfo...
Windows Internal System User Profile Elevation of Privilege Vulnerability
Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of type validation for input in the PostgreSQL intarray extension’s selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of validation for multibyte character lengths in PostgreSQL text manipulation allows a database user to execute crafted queries that lead to a buffer overflow. This enables the execution of arbitrary code as the operating system user running the database. Versions prior to PostgreSQL 18.2,...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
K000161732: PostgreSQL vulnerabilities CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006
Security Advisory Description CVE-2026-2004 Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16...
postgresql: PostgreSQL: Arbitrary code execution vulnerability in 'refint' module
A flaw was found in PostgreSQL. A stack buffer overflow in the 'refint' module allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, a separate vulnerability exists where, if an application uses a user-controlled column as ...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
OFCMS SQL注入漏洞
OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...