CVE-2026-40826

creationtimestamp| type| source ---|---|--- 2026-05-27 08:11:19+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645525736344350 2026-05-27 08:12:10+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645529147227087 2026-05-27 09:02:17+00:00| seen|...

CVE-2026-40826 Authenticated SQLi in dsgvo_contracts view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvocontracts view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

MAL-2025-40826 Malicious code in zenith-echo-yfs0 (npm)

The package zenith-echo-yfs0 was found to contain malicious code...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java PF4J. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40828 DESCRIPTION: Plugin Framework for Java PF4J coul...

Linux Distros Unpatched Vulnerability : CVE-2023-40826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...

CVE-2023-40826

creationtimestamp| type| source ---|---|--- 2023-08-29 02:20:04+00:00| seen| https://t.me/cibsecurity/69329...

care.better.pf4j:pf4j-kotlin-symbol-processing (>=1.0.0-RC1 <=2.3.21-1.0.4), cn.sliew:carp-dist (>=0.0.1 <=0.0.34) +832 more potentially affected by CVE-2023-40826 via org.pf4j:pf4j (>=2.0.0 <=3.9.0)

org.pf4j:pf4j MAVEN version =2.0.0, =1.0.0-RC1, =0.0.1, =0.0.42, =0.0.63, =0.0.64, =0.0.66, =0.0.63, =0.0.49, =0.0.61, =0.0.61, =0.0.13, =0.0.1, =0.0.33, =0.0.33, =0.0.33, =0.0.34 and more Source cves: CVE-2023-40826 Source advisory: OSV:GHSA-3R28-RGP9-QGV4...

CVE-2023-40826

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...

CVE-2023-40826

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...

CVE-2023-40826

PF4J (Plugin Framework for Java) v3.9.0 and earlier is affected by CVE-2023-40826, where improper input validation in the zippluginPath handling can allow a remote attacker to obtain sensitive information and execute arbitrary code via a crafted archive. The issue is referenced across multiple fe...

CVE-2023-40826

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter...

CVE-2022-40826

creationtimestamp| type| source ---|---|--- 2022-10-07 14:17:30+00:00| seen| https://t.me/cibsecurity/50967...

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-40826

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php orhaving function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-40826

CVE-2022-40826 affects CodeIgniter up to version 3.1.13. The vulnerability is a SQL injection in the or_having() function of the system/database/DB_query_builder.php. Root cause per sources is improper handling in or_having, enabling attacker-controlled SQL execution. Impact is described as high/...

CVE-2021-40826

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine...

CVE-2021-40826

Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine...

CVE-2021-40826

CVE-2021-40826 : Clementine Music Player (through 1.3.1) is vulnerable to a User Mode Write Access Violation in the MP3 parsing code at clementine+0x3aa207. The issue is triggered when opening a crafted MP3 file or loading a mishandled remote stream URL, potentially causing the Clementine process...