Tutor LMS <= 2.1.10 - SQL Injection

Tutor LMS – eLearning and online course solution plugin for WordPress all versions up to 2.6.1 contains a time-based SQL Injection caused by insufficient escaping on the questionid parameter in SQL queries, letting authenticated attackers with subscriber or higher access extract sensitive...

Astra Linux - уязвимость в openldap

In OpenLDAP 2.x versions before 2.5.12 and 2.6.x versions before 2.6.2, there is a SQL injection vulnerability in the experimental slapd backend, caused by a SQL statement within an LDAP query. This vulnerability can occur during an LDAP search operation, when the search filter is processed, due ...

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

JLSEC-2026-174

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVE-2026-34787

Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

emlog SQL注入漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog 2.6.2 and earlier have a SQL injection vulnerability. This vulnerability stems from the updateTagName function in the include/model/tagmodel.php file, which directly inserts user input into the SQL query...

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the torch.load checkpoint and model import paths in the nemo collections and checkpoint utilities. An attacker can execute arbitrary code...

Deserialization of Untrusted Data

Overview nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data the HFCheckpointIO checkpoint-loading process in nemo/lightning/io/hf.py. An attacker can execute arbitrary code on the victim system by supplyin...

Amazon Linux 2 : wireshark, --advisory ALAS2-2026-3208 (ALAS-2026-3208)

The version of wireshark installed on the remote host is prior to 2.6.2-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3208 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or...

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to submit crafted SQL payloads via POST to extract sensitive DB information (usernames, database names, version details). CVSS vectors: CVSS3.1 (AV:N/AC...

MiracleLinux 7 : mercurial-2.6.2-10.el7 (AXSA:2019-4114:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4114:01 advisory. mercurial: Buffer underflow in mpatch.c:mpatchapply CVE-2018-13347 mercurial: HTTP server permissions bypass CVE-2018-1000132 mercurial: Missing che...

MiracleLinux 7 : mercurial-2.6.2-6.el7 (AXSA:2016-223:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2016-223:01 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start:...

MiracleLinux 7 : mercurial-2.6.2-8.el7 (AXSA:2017-1906:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1906:02 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Quick start:...

CVE-2026-22703 Cosign verification accepts any valid Rekor entry under certain conditions

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

Linux Distros Unpatched Vulnerability : CVE-2026-22703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verif...

OPENSUSE-SU-2026:10026-1 python311-urllib3-2.6.2-1.1 on GA media

These are all security issues fixed in the python311-urllib3-2.6.2-1.1 package on the GA media of openSUSE Tumbleweed...

0lever-utils (>=0.0.2 <=0.0.7), 1337x (=1.2.5) +16356 more potentially affected by CVE-2026-21441 via urllib3 (>=1.22.0 <=2.6.2)

urllib3 PYPI version =1.22.0, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 - a-texam =1.1.0 and more Source cves: CVE-2026-21441 Source advisory: OSV:GHSA-38JV-5279-WG99...