Monthly
PostgreSQL libpq client library allows a malicious server (or a server superuser able to control responses) to execute arbitrary code on connecting clients by overwriting stack buffers via unbounded responses to PQfn() calls: the client copies a server-supplied result into a fixed-size buffer without checking the result length against that buffer. The vulnerability affects the large-object client functions lo_export(), lo_read(), lo_lseek64(), and lo_tell64(), which psql and pg_dump use. A compromised or malicious PostgreSQL server can therefore exploit clients running these common administrative tools during routine operations such as database backups or large-object exports. EPSS and KEV data not available for this recent CVE. CVSS 8.8 reflects the network attack vector with a user-interaction requirement (the client must connect to the malicious server).
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of .NET BinaryFormatter deserialization. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Post-authentication SQL injection vulnerability in Trend Micro Endpoint Encryption PolicyServer that lets an authenticated attacker escalate privileges and achieve full system compromise (confidentiality, integrity, and availability impact). The attacker must first obtain low-privileged code execution on the target system, then exploit the SQL injection to escalate to administrative privileges. With CVSS 8.8 and a network attack vector, this is a significant risk to organizations running vulnerable PolicyServer instances, particularly where an initial foothold (phishing, lateral movement, supply chain) is plausible.
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets() function, which reads input with no bound on the destination buffer. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
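The libpq PQfn() item above and the CICS TX gets() item are the same defect class: data of attacker-chosen length lands in a fixed-size stack buffer with no bound check. The following is an added illustration written for this page, not libpq or CICS code. It uses a hypothetical result-message format (a big-endian 32-bit length followed by payload bytes, chosen only for the example) and shows the unbounded copy beside the checked version a client should use. The function names handle_result_unsafe, handle_result_safe and build_result are invented for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire encoding of a function-call result: a big-endian
 * int32 length followed by that many payload bytes. The server controls
 * both fields. (Constructed for this example; not libpq's real layout.) */
static int32_t read_be32(const unsigned char *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}

/* VULNERABLE pattern: trusts the server-supplied length and copies that
 * many bytes into the caller's fixed-size buffer. A length larger than
 * outlen overwrites whatever follows the buffer on the stack. */
int handle_result_unsafe(const unsigned char *msg, size_t msglen,
                         unsigned char *out, size_t outlen) {
    (void)outlen;                       /* the bug: bound never consulted */
    if (msglen < 4) return -1;
    int32_t len = read_be32(msg);
    memcpy(out, msg + 4, (size_t)len);  /* attacker-controlled length */
    return len;
}

/* HARDENED: reject negative lengths, lengths exceeding what the message
 * actually carries, and lengths exceeding the caller's buffer. The same
 * rule (never read more than the destination can hold) is what fgets()
 * provides and gets() does not. */
int handle_result_safe(const unsigned char *msg, size_t msglen,
                       unsigned char *out, size_t outlen) {
    if (msglen < 4) return -1;
    int32_t len = read_be32(msg);
    if (len < 0) return -1;                    /* sign-wrapped length */
    if ((size_t)len > msglen - 4) return -1;   /* header lies about payload */
    if ((size_t)len > outlen) return -1;       /* would overflow caller buffer */
    memcpy(out, msg + 4, (size_t)len);
    return len;
}

/* Build a constructed result message: 'claimed' goes in the header,
 * 'actual' payload bytes of 'A' follow. Returns bytes written, 0 on error. */
size_t build_result(unsigned char *dst, size_t dstlen,
                    int32_t claimed, size_t actual) {
    if (dstlen < 4 + actual) return 0;
    uint32_t u = (uint32_t)claimed;
    dst[0] = (unsigned char)(u >> 24); dst[1] = (unsigned char)(u >> 16);
    dst[2] = (unsigned char)(u >> 8);  dst[3] = (unsigned char)u;
    memset(dst + 4, 'A', actual);
    return 4 + actual;
}

int main(void) {
    unsigned char out[64];                       /* fixed-size client buffer */
    unsigned char ok[4 + 8], big[4 + 200];
    size_t n;

    /* In-bounds response: both handlers accept it. */
    n = build_result(ok, sizeof ok, 8, 8);
    printf("8-byte result, safe handler: %d\n",
           handle_result_safe(ok, n, out, sizeof out));

    /* Oversized response from a malicious server: the safe handler refuses;
     * the unsafe handler would memcpy 200 bytes into a 64-byte buffer. */
    n = build_result(big, sizeof big, 200, 200);
    printf("200-byte result, safe handler: %d\n",
           handle_result_safe(big, n, out, sizeof out));
    return 0;
}
```

The three checks in handle_result_safe are ordered so that the cheapest rejection (a negative length) comes first and the cast to size_t only happens after the sign check; a negative int32 cast directly to size_t would pass a naive "len <= outlen" comparison on some code paths and is a classic way these bounds get bypassed.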