| 1751 | 7.2 | HIGH | Network | postgresql | postgresql | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next r… | CWE-89 SQL Injection | CVE-2026-6476 | 2026-05-19 00:02 | 2026-05-14 |
| 1752 | 8.8 | HIGH | Network | postgresql | postgresql | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system accou… | CWE-61 UNIX Symbolic Link (Symlink) Following | CVE-2026-6475 | 2026-05-19 00:02 | 2026-05-14 |
| 1753 | 4.3 | MEDIUM | Network | postgresql | postgresql | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 1… | CWE-134 Use of Externally-Controlled Format String | CVE-2026-6474 | 2026-05-19 00:00 | 2026-05-14 |
| 1754 | 8.8 | HIGH | Network | postgresql | postgresql | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code… | CWE-190 Integer Overflow or Wraparound | CVE-2026-6473 | 2026-05-18 23:59 | 2026-05-14 |
| 1755 | 5.4 | MEDIUM | Network | postgresql | postgresql | Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, t… | CWE-862 Missing Authorization | CVE-2026-6472 | 2026-05-18 23:59 | 2026-05-14 |
| 1756 | 6.5 | MEDIUM | Network | grafana | grafana | The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated us… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-28376 | 2026-05-18 23:57 | 2026-05-14 |
| 1757 | 5.5 | MEDIUM | Local | m2team | nanazip | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-42444 | 2026-05-18 23:17 | 2026-05-13 |
| 1758 | 8.8 | HIGH | Network | postgresql | postgresql | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credenti… | CWE-89 SQL Injection | CVE-2026-6638 | 2026-05-18 23:14 | 2026-05-14 |
| 1759 | 7.5 | HIGH | Network | openbao | openbao | OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking… | CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer | CVE-2026-42186 | 2026-05-18 23:10 | 2026-05-15 |
| 1760 | 6.5 | MEDIUM | Network | fleetdm | fleet | Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain un… | CWE-20 NVD-CWE-noinfo Improper Input Validation | CVE-2026-26062 | 2026-05-18 23:09 | 2026-05-15 |