69 matches found
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...
CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
Linux Distros Unpatched Vulnerability : CVE-2026-40176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...
Command Injection
Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
MiracleLinux 9 : mod_security-2.9.6-2.el9_6 (AXSA:2025-10535:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10535:02 advisory. modsecurity: ModSecurity Has Possible DoS Vulnerability (CVE-2025-47947). Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2023-58375
Malicious code in bioql PyPI...
EUVD-2024-34674
Malicious code in bioql PyPI...
CVE-2025-39496
CVE-2025-39496 is a SQL Injection in WBW WooBeWoo Product Filter Pro (WordPress plugin) affecting versions before 2.9.6. Root cause: improper neutralization of special SQL elements. Impact (per sources): high confidentiality impact, moderate availability impact, no integrity impact; CVSS 3.1 base...
CVE-2025-39496 WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection. This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6...
WordPress plugin and WordPress SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
PT-2025-34989
Name of the Vulnerable Software and Affected Versions: WBW WooBeWoo Product Filter Pro versions prior to 2.9.6 Description: The software contains a SQL injection issue due to improper neutralization of special elements used in an SQL command. Recommendations: Update WBW WooBeWoo Product Filter Pr...
CVE-2023-46198
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin = 2.9.6 versions...
CVE-2025-30910
CM Download Manager (WordPress plugin)
WordPress CM Download Manager plugin <= 2.9.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin CM Download Manager versions <= 2.9.6...
CVE-2022-24716
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
PT-2024-30263 · Autman · Autman
Name of the Vulnerable Software and Affected Versions: autMan version 2.9.6 Description: The issue allows attackers to bypass authentication via a crafted web request. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents whe...