VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
246 advisories across 32 monitored vendors.
Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers. Red Hat rates this important (CVSS 9). Weakness: CWE-79. Affected products named by the advisory: Migration Toolkit for Applications 8; Red Hat OpenShift AI (RHOAI); Red Hat Enterprise Linux.
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution or conduct information disclosure attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][<trans_id>]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session. The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle payload, which in turn requires both (a) knowledge of pgAdmin's Flask SECRET_KEY (no chain to leak it is described here -- the attacker must already possess it) and (b) write access to pgAdmin's sessions/ directory on the host. Neither precondition is granted by this defect on its own. When those preconditions are met from another channel (misconfigured deployment, prior compromise, leaked configuration), the missing auth gate is the final hop that turns an existing partial compromise into unauthenticated code execution in the pgAdmin process -- and, by extension, on the host under whatever account runs pgAdmin. Fix is a one-line @pga_login_required decorator on each of the two endpoints, matching the convention used by every other route in the module. The is_authenticated / MFA chain now runs before the trans_id is dereferenced, so an unauthenticated request is rejected before reaching the deserialization path. The defect is server-mode only. In DESKTOP mode pgAdmin's before_request hook re-authenticates DESKTOP_USER on every request, so no endpoint can be exercised in an unauthenticated state and no auth decorator (or its absence) is meaningful. The accompanying regression test mirrors the attacker's path -- harvests an X-pgA-CSRFToken from GET /login and replays it against both endpoints -- and self-skips outside server mode for that reason; it is wired into the existing server-mode CI workflow alongside the data-isolation tests. This issue affects pgAdmin 4: from 6.9 before 9.16. A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRET_KEY and write access to the sessions directory, this vulnerability could enable unauthenticated remote code execution on the server. This issue primarily affects pgAdmin 4 deployments in server mode. This is an Important flaw in pgAdmin 4, as it could lead to unauthenticated remote code execution on the server. However, successful exploitation requires an attacker to already possess the Flask SECRET_KEY and have write access to the pgAdmin sessions directory, which significantly raises the bar for exploitation and implies a prior compromise or misconfiguration. This vulnerability is specific to pgAdmin 4 deployments operating in server mode. Red Hat severity: Important — CVSS 9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Weakness: CWE-306. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's execute_sql_query tool runs LLM-generated SQL inside a BEGIN TRANSACTION READ ONLY wrapper to prevent data modification. The LLM-supplied query was forwarded to the database driver without restriction to a single statement or to read-only verbs, so a multi-statement payload beginning with COMMIT, END, ROLLBACK, or ABORT terminated the read-only transaction and ran subsequent statements in autocommit mode. The trailing ROLLBACK then had no effect. Delivery is via prompt injection: an attacker who can write content into any object the AI Assistant may inspect (a row, a column value, a comment) can cause the LLM to emit the multi-statement payload as a tool call. With ordinary write privileges on the pgAdmin user's role the attacker can perform unauthorised data modification. When the pgAdmin user's role is a PostgreSQL superuser or holds pg_execute_server_program, the chain extends to remote code execution on the database server host via COPY ... TO PROGRAM. Fix validates the LLM-supplied query up front: it must parse to exactly one non-empty / non-comment statement whose leading real token (after stripping whitespace, comments, and punctuation) is one of SELECT, WITH, EXPLAIN, SHOW, VALUES, or TABLE. Transaction-control verbs, DML, DDL, CALL, COPY, DO, SET/RESET, and everything else are rejected before any database work happens. PostgreSQL's READ ONLY mode continues to backstop data-modifying CTEs, EXPLAIN ANALYZE on writes, and volatile side effects. This issue affects pgAdmin 4: from 9.13 before 9.16. A flaw was found in the pgAdmin 4 AI Assistant. An attacker with the ability to influence database content that the assistant reads can exploit a transaction bypass vulnerability through prompt injection. This allows the attacker to execute arbitrary SQL queries with the privileges of the pgAdmin user's database role. If the pgAdmin user has superuser privileges, this can lead to remote code execution on the database server. This Important flaw in the pgAdmin 4 AI Assistant allows an attacker to bypass read-only transaction protections through prompt injection. By influencing database content that the assistant reads, an attacker can execute arbitrary SQL queries with the privileges of the pgAdmin user's database role. This can escalate to remote code execution on the database server if the pgAdmin user holds superuser privileges, posing a significant risk to data integrity and system control. Red Hat severity: Important — CVSS 9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). Weakness: CWE-89. No fixing RHSA erratum has published yet; monitor the Red Hat CVE page and patch when it ships.
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This may cause a Use-after-Free in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking.
List of Security Fixes and Improvements in Veeam Kasten for Kubernetes KB ID: 4825 Product: Veeam Kasten for Kubernetes | 7 | 7.5 | 8 | 8.5 Kasten K10 by Veeam | 3 | 5 | 5.5 | 6 | 6.5 Published: 2026-03-02 Last Modified: 2026-07-13 Purpose This article describes all security-related fixes and improvements introduced in each release or update of Veeam Kasten for Kubernetes. This article aims to provide our customers' security and compliance teams with detailed information on security improvements. Full product release notes are available here: Veeam Kasten for Kubernetes — Release Notes Security Fixes and Improvements Veeam Kasten for Kubernetes 8.5.13 Updated base images used in the Red Hat Marketplace operator bundle to fix multiple Critical and High CVEs Veeam Kasten for Kubernetes 8.5.12 Upgraded to the latest UBI base image to resolve CVE-2026-45186 and CVE-2026-45447 Upgraded to Go 1.26.4 to resolve CVE-2026-42504 Kasten Multi-cluster Permissions: Hardened multi-cluster security by tightening the permissions granted to the impersonation `ClusterRole` on managed secondary clusters and removing sensitive token values from debug logs.
elixir-grpc grpc: Remote Code Execution and Denial of Service via Deserialization of Untrusted Data. Red Hat rates this critical (CVSS 9.8). Weakness: CWE-502. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Arbitrary code execution via global system variable manipulation by a high-privileged user. Red Hat rates this important (CVSS 9.1). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Arbitrary code execution via improper parameter validation during SST. Red Hat rates this important (CVSS 9.1). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string(). Red Hat rates this important (CVSS 9.1). Weakness: CWE-89. Affected package(s): mariadb10.11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11, mariadb-connector-c-main. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Arbitrary shell command execution via improper sanitization in CONNECT engine. Red Hat rates this important (CVSS 9.9). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP's public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message. Affected versions: Cloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0. Cloud Foundry CF Deployment all versions through 56.1.0.
Arbitrary code execution via wsrep_notify_cmd. Red Hat rates this important (CVSS 9). Weakness: CWE-78. Affected package(s): mariadb10.11, mariadb11, galera, mariadb:11.8, mariadb11.8, mariadb:10.11. Resolved in Red Hat advisory RHSA-2026:33093 — update the affected packages (`sudo dnf update`).
CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration
QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access