Lucene search
K

887 matches found

Cvelist
Cvelist
added 2026/05/14 1:0 p.m.61 views

CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 1:0 p.m.59 views

CVE-2026-6637

The CVE-2026-6637 issue affects PostgreSQL’s refint module, causing a stack buffer overflow that could allow an unprivileged database user to execute arbitrary OS-level code running the database. A separate attack path exists when an application exposes a user-controlled column as a refint cascad...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40926

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.4 PostgreSQL versions prior to 17.10 PostgreSQL versions prior to 16.14 PostgreSQL versions prior to 15.18 PostgreSQL versions prior to 14.23 Description A stack buffer overflow in the "refint" module allows an...

10CVSS6.5AI score0.00668EPSS
Exploits0References96
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

PostgreSQL SQL注入漏洞

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

8.8CVSS6.5AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29948

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

6.5CVSS5.8AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 3:41 p.m.54 views

CVE-2026-44470 Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. Prior to 1.3834.0, the CoworkVMService component in Claude Desktop for Windows ran as SYSTEM and did not validate whether the VM bundle directory was a real directory or an NT...

8.5CVSS0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 7:16 p.m.21 views

CVE-2026-29202

Insufficient input validation of the plugin parameter of the createuser plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user...

8.8CVSS0.0083EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 7:50 p.m.15 views

CVE-2026-41477

Technical details about CVE-2026-41477 are not publicly available in the provided documents; no affected versions, root cause, or remediation details are disclosed here. Monitor for updates.

7.8CVSS5.7AI score0.00218EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/03 1:27 p.m.3 views

JLSEC-2026-55

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.6AI score0.01208EPSS
Exploits3References1
OSV
OSV
added 2026/04/03 1:27 p.m.3 views

JLSEC-2026-56

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12,...

8.8CVSS6.5AI score0.01079EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 1:27 p.m.6 views

JLSEC-2026-54

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...

8.8CVSS6.3AI score0.00785EPSS
Exploits0References1
NVD
NVD
added 2026/04/01 5:28 p.m.9 views

CVE-2026-20151

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

7.3CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 4:29 p.m.58 views

CVE-2026-20151

Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface vulnerability allows an authenticated remote user to elevate privileges from low to administrative due to improper transmission of sensitive user information. Exploitation requires valid credentials (role: System User); attacker can...

7.3CVSS6AI score0.0027EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 4:29 p.m.2 views

CVE-2026-20151 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

7.3CVSS6AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/01 4:29 p.m.27 views

CVE-2026-20151 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

7.3CVSS0.0027EPSS
Exploits0References1
Cisco
Cisco
added 2026/04/01 4:0 p.m.42 views

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this...

7.3CVSS6AI score0.0027EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/12 11:7 p.m.4 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2026/03/12 11:7 p.m.7 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/12 10:47 p.m.5 views

postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database...

8.8CVSS6.1AI score0.00785EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/12 10:47 p.m.8 views

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

A heap based buffer overflow flaw has been discovered in PostgreSQL. This Heap buffer overflow is in the pgcrypto component and allows a ciphertext provider to execute arbitrary code as the operating system user running the database...

8.8CVSS6.3AI score0.01208EPSS
Exploits3References5
Rows per page
Query Builder