|
891
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks PAN-OS® software allows an unauthenticated attacker to cause the firewall to send network requests…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-0258
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
892
|
- |
|
-
|
-
|
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerabili…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-0259
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
893
|
- |
|
-
|
-
|
Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be …
|
CWE-78
OS Command
|
CVE-2026-0261
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
894
|
- |
|
-
|
-
|
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition by sending special…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-0262
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
895
|
- |
|
-
|
-
|
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disru…
|
CWE-606
Unchecked Input for Loop Condition
|
CVE-2026-0243
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
896
|
- |
|
-
|
-
|
The ftpcp() function in Lib/ftplib.py was not updated when
CVE-2021-4189 was fixed. While makepasv() was patched to replace
server-supplied PASV host addresses with the actual peer address
(getpee…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8328
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
897
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, t…
|
CWE-862
Missing Authorization
|
CVE-2026-6472
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
898
|
8.8 |
HIGH
Network
|
-
|
-
|
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-6473
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
899
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6474
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
900
|
8.8 |
HIGH
Network
|
-
|
-
|
Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-6475
|
2026-05-15 01:21 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
