Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

868 matches found

RedhatCVE
RedhatCVEadded 2026/06/11 6:14 p.m.8 views

CVE-2026-53439

A flaw was found in Jenkins. Missing permission checks allow an attacker with Overall/Read permission to determine other users' configured timezone. This vulnerability also enables the attacker to enumerate the view names of other users' "My Views", leading to information disclosure. Mitigation...

4.3CVSS5.1AI score0.00234EPSS
Exploits0References4
NVD
NVDadded 2026/06/10 2:16 p.m.9 views

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:22 p.m.7 views

CVE-2026-7138

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument tz results in os command injection. The attack can be executed remotely. The explo...

10CVSS7.5AI score0.01766EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:15 p.m.4 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References1
SUSE Linux
SUSE Linuxadded 2026/05/27 7:56 a.m.8 views

Security update for postgresql15

This update for postgresql15 fixes the following issues Security issues: CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. CVE-2026-6474: Guard against malicious time zone names...

8.8CVSS6.1AI score0.00471EPSS
Exploits0References36
NVD
NVDadded 2026/05/26 6:16 p.m.14 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS0.00483EPSS
Exploits1References1
CVE
CVEadded 2026/05/26 5:1 p.m.35 views

CVE-2026-46624

CVE-2026-46624 affects Twenty CRM (open source). From 1.7.7 to 1.16.7, a critical Remote Code Execution (RCE) exists via a chained SQL Injection and a PostgreSQL COPY TO PROGRAM attack. If the PostgreSQL user is a super user, any authenticated user can execute arbitrary OS commands on the databas...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/26 5:1 p.m.10 views

CVE-2026-46624 Twenty: SQL Injection via the timeZone field

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:1 p.m.5 views

CVE-2026-46624

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/05/26 5:1 p.m.13 views

EUVD-2026-31907

Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Remote Code Execution RCE vulnerability exists in Twenty CRM via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If Postgres user is a super user then any authenticated user can execute arbitrary OS commands on the...

9.9CVSS6.2AI score0.00483EPSS
Exploits1References1
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.9 views

Twenty 安全漏洞

Twenty is an open-source CRM platform developed by Twenty. Versions 1.7.7 to 1.16.7 of Twenty contain security vulnerabilities. These vulnerabilities stem from SQL injection attacks via uncleaned timeZone parameters and PostgreSQL COPY TO PROGRAM attacks, which may allow authenticated users to...

9.9CVSS6.1AI score0.00483EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.13 views

PT-2026-43352

Name of the Vulnerable Software and Affected Versions Twenty CRM versions 1.7.7 through 1.16.7 Description A Remote Code Execution RCE issue exists via a chained SQL Injection and PostgreSQL COPY TO PROGRAM attack. If the Postgres user is a superuser, any authenticated user can execute arbitrary ...

9.9CVSS6.3AI score0.00483EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/05/21 11:53 a.m.12 views

CVE-2026-6474

A flaw was found in PostgreSQL. This vulnerability, an externally-controlled format string in the timeofday function, allows a remote attacker to craft specific timezone zones. Successful exploitation can lead to the retrieval of sensitive portions of server memory, potentially disclosing...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/14 2:16 p.m.5 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/14 1:0 p.m.50 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS0.00208EPSS
Exploits0References1
CVE
CVEadded 2026/05/14 1:0 p.m.92 views

CVE-2026-6474

CVE-2026-6474 involves PostgreSQL's timeofday() function, where an externally-controlled format string can cause memory disclosure. The vulnerability arises from crafted timezone zones and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23. The connected documents provide the...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/14 1:0 p.m.4 views

CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/05/10 12:0 a.m.11 views

SUSE SLES15 Security Update : java-17-openjdk (SUSE-SU-2026:1732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1732-1 advisory. Upgrade to upstream tag jdk-17.0.19+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker...

7.5CVSS7.3AI score0.00358EPSS
Exploits0References25
Tenable Nessus
Tenable Nessusadded 2026/05/10 12:0 a.m.14 views

openSUSE 16 Security Update : java-21-openjdk (openSUSE-SU-2026:20681-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20681-1 advisory. Update to upstream tag jdk-21.0.11+10 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon to...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References24
Tenable Nessus
Tenable Nessusadded 2026/05/10 12:0 a.m.12 views

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2026:1703-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1703-1 advisory. Upgrade to upstream tag jdk-11.0.31+11 April 2026 CPU. Security issues fixed: - CVE-2026-22007: Security: unauthenticated attacker with logon t...

7.5CVSS7.3AI score0.00358EPSS
Exploits0References25
Rows per page
Query Builder