10 matches found
SQL Injection
Overview: Katello is a package that adds Content and Subscription Management to Foreman. Affected versions of this package are vulnerable to SQL Injection via improper sanitization of user input in the sortby parameter of the /api/hosts/bootcimages endpoint. An attacker can cause database errors or...
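The sortby flaw summarised above is an instance of a general problem: ORDER BY column names are identifiers, not values, so they cannot be passed as bound query parameters, and the first reflex of interpolating the client's sort key into the SQL text hands the attacker the clause. The Ruby below is an added example and is not Katello's code (Katello is a Rails application, but nothing here depends on Rails); the table, column names and the attacker payload are constructed for illustration. It puts the vulnerable builder beside an allow-list version and shows the error-based oracle the "cause database errors" wording refers to.

```ruby
# Added example: not Katello's code. Shows why a sort key that reaches the
# SQL text verbatim is an injection point and how an allow-list closes it.
# Table and column names below are assumptions made for the example.

ALLOWED_SORT_COLUMNS = %w[name created_at updated_at].freeze
ALLOWED_DIRECTIONS   = %w[asc desc].freeze

# Vulnerable pattern: identifiers cannot be bound as query parameters, so a
# sort key is often interpolated straight into ORDER BY. Whatever the client
# sends becomes SQL.
def unsafe_order_query(sort_by, direction)
  "SELECT id, name FROM hosts ORDER BY #{sort_by} #{direction}"
end

# Hardened pattern: the client may only pick among known column names and
# directions; anything else is rejected before any SQL text is built.
def safe_order_query(sort_by, direction = 'asc')
  unless ALLOWED_SORT_COLUMNS.include?(sort_by)
    raise ArgumentError, "unknown sort column: #{sort_by.inspect}"
  end
  dir = direction.to_s.downcase
  unless ALLOWED_DIRECTIONS.include?(dir)
    raise ArgumentError, "unknown sort direction: #{direction.inspect}"
  end
  "SELECT id, name FROM hosts ORDER BY #{sort_by} #{dir.upcase}"
end

# Returns true when the hardened builder refuses the given sort key.
def rejected_sort_key?(sort_by, direction = 'asc')
  safe_order_query(sort_by, direction)
  false
rescue ArgumentError
  true
end

# Constructed attacker input (not taken from any real report): an ORDER BY
# expression that divides by zero only when the injected condition is true,
# so the presence or absence of a database error leaks one bit per request.
PAYLOAD = '(CASE WHEN (SELECT count(*) FROM users) > 0 THEN name ELSE 1/0 END)'.freeze

if $PROGRAM_NAME == __FILE__
  puts unsafe_order_query(PAYLOAD, 'asc')     # injected expression lands in the SQL
  puts safe_order_query('created_at', 'DESC') # only allow-listed tokens reach the SQL
  puts rejected_sort_key?(PAYLOAD)            # true
end
```

Rejecting an unknown key with an error (which an API layer would map to a 400) is preferable to silently falling back to a default column: the silent fallback hides probing attempts from logs and makes the parameter look accepted when it is not.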
EUVD-2024-1951
Malicious code in bioql PyPI...
CVE-2025-48333 WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n/a through n/a...
OPENSUSE-SU-2024:13332-1 ctdb-4.19.1+git.312.c912b3d2ef6-1.1 on GA media
These are all security issues fixed in the ctdb-4.19.1+git.312.c912b3d2ef6-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-29181
Strapi is affected: prior to 4.19.1, super admins can create a collection where items are associated to another collection, enabling users with the Author role to view associated items they did not create. This data leakage affects the @strapi/plugin-content-manager workflow; multiple sources (NV...
PT-2024-22786 · Strapi · @Strapi/Plugin-Content-Manager +1
Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 4.19.1. Description: The issue concerns Strapi, an open-source content management system. In affected versions, when a super admin creates a collection with an item associated to another collection, a user with the...
Samba 4.0.0 < 4.17.12, 4.18.0 < 4.18.8, 4.19.0 Multiple Vulnerabilities
Samba is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:samba:samba"; ifdescription...
smbd allows client access to unix domain sockets
Description: The SMB 1/2/3 protocols allow clients to connect to named pipes via the IPC$ (Inter-Process Communication) share for the purpose of inter-process communication between SMB clients and servers. Since Samba 4.16.0, Samba internally connects client pipe names to unix domain sockets within ...
CVE-2020-23647
CVE-2020-23647 is a documented XSS vulnerability affecting BoxBilling versions 4.19, 4.19.1, 4.20, and 4.21. The issue arises from the message field on the “submit new ticket” form, allowing remote attackers to execute arbitrary code in some contexts. The available connected sources consistently ...
Linux - Nested User Namespace idmap Limit Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'Linux Nested User Namespace idmap Limit Local Privilege Escalation', 'Description' => %q This module exploits a vulnerability in Linux kernels...