postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

ROOT-OS-DEBIAN-12-CVE-2026-34380 CVE-2026-34380 in rootio-openexr - Patched by Root

Root has patched CVE-2026-34380 in the rootio-openexr package for Root:Debian:12. Multiple fixed versions available...

ROOT-OS-DEBIAN-12-CVE-2026-41142 CVE-2026-41142 in rootio-openexr - Patched by Root

Root has patched CVE-2026-41142 in the rootio-openexr package for Root:Debian:12. Multiple fixed versions available...

Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image

A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image

A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

CVE-2026-5416 Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution

Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. id: CVE-2021-3129 info: name:...

Microsoft Open Management Infrastructure - Remote Code Execution

Microsoft Open Management Infrastructure is susceptible to remote code execution OMIGOD. id: CVE-2021-38647 info: name: Microsoft Open Management Infrastructure - Remote Code Execution author: daffainfo,xstp severity: critical description: Microsoft Open Management Infrastructure is susceptible t...

Fortinet FortiOS - Credentials Disclosure

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a...

Node.JS System Information Library <5.3.1 - Remote Command Injection

Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS npm package "systeminformation" is an open source collection of functions to retrieve detailed hardware, system and OS information. id: CVE-2021-21315 info: name: Node.JS System...

Atlassian Bitbucket - Remote Command Injection

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain...

D-Link Routers - Remote Code Execution

D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who...

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

CVE-2026-50255

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

Malicious code in lucide-next (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad695524e214e6208603f864daa0b5680a55247a5eb1d5aa0dfc75713490019b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in terminal-structured-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 14080e4c54ea68f090ab98ee4eb27c7e987fe2d5e7ed6c5bb37ed89504a43099 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...