49 matches found
Astra Linux - vulnerability in sqlite3
SQLite version 3.31.1 allows attackers to cause a denial of service (segmentation fault) through a malformed window-function query, due to improper handling of the initialization of the AggInfo object...
Astra Linux - vulnerability in sqlite3
In SQLite 3.31.1, a potential null pointer dereference was detected during the INTERSEC query processing...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the actionclass function in the ActionsController. A user can gain unauthorized access to sensitive actions and escalate privileges by invoking unregistered action classes on arbitrary...
CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...
Simple Git operating system command injection vulnerability
Simple Git is a lightweight interface developed by Steve King from the UK. It is used to execute Git commands within any Node.js application. Versions of Simple Git 3.31.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from a bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-28291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option...
PT-2026-32486
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.32.0 Description: The library allows the execution of arbitrary commands through the manipulation of Git options. This occurs because the unsafe operations plugin uses a regular-expression-based blocklist to preve...
EUVD-2024-35442
Malicious code in bioql PyPI...
CVE-2024-26148
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Leyka versions <= 3.31.1...
WordPress Leyka Plugin <= 3.31.1 is vulnerable to Broken Access Control
Software: Leyka; Type: Plugin; Vulnerable versions: <= 3.31.1; Fixed in: 3.31.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35683; Patch priority: Low; CVSS severity: Low 5.3; PSID: 0e07bf4fab5e; Credits: Mika; Required privilege: Unauthenticat...
BIT-SQLITE-2020-11655
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled...
BIT-SQLITE-2020-35525
In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSEC query processing...
BIT-SQLITE-2020-9327
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations...
CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
Querybook Cross-Site Scripting Vulnerability
Querybook is an open source big data query UI for Pinterest. A cross-site scripting vulnerability exists in Querybook versions prior to 3.31.1, which stems from allowing users to enter arbitrary URLs without the required validation...
PT-2024-4535 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.1 Description: The issue is related to the Rich Text Editor component in Querybook, which fails to properly validate user input, allowing arbitrary URLs to be entered without necessary validation. This securit...