CVE-2026-4174

A vulnerability has been found in Radare2 5.9.9. This issue affects the function walkexportstrie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation leads to resource consumption. The attack can only be performed from a local environment. The exploit h...

Radare2 安全漏洞

Radare2 is an open-source reverse framework for Unix geeks developed by Radare. Version 5.9.9 of Radare2 contains a security vulnerability, which stems from incorrect operations on the function walkexportstrie found in the file libr/bin/format/mach0/mach0.c, potentially leading to resource...

CVE-2026-31858

CraftCMS is affected by a blind SQL injection in ElementSearchController::actionSearch(), where unset() protection added to ElementIndexesController in CVE-2026-25495 was not applied. This allows any authenticated control panel user to inject arbitrary SQL via criteria[where], criteria[orderBy], ...

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

CVE-2026-31858 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

CVE-2026-31858

Craft is a content management system CMS. The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on th...

CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

SQL Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to SQL Injection via the actionSearch process in ElementSearchController. An attacker can execute arbitrary SQL commands and extract database contents by injecting malicious input into...

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...

PT-2026-24751

Craft is a content management system CMS. Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...

Malicious code in deuro-landing-page (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b21bff5e6829c4c257d34d4ad60dd2d5d85f4f6fc67fdffaf74c86bb600ff7cb The package deuro-landing-page was found to contain malicious code. Source: ossf-package-analysis...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004524)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004524 advisory. An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause...

PT-2025-42601

Name of the Vulnerable Software and Affected Versions radare2 versions prior to 5.9.9 Description The software contains a memory leak within the r bin object new function. Recommendations Update to version 5.9.9 or later...

Linux Distros Unpatched Vulnerability : CVE-2025-5643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function consstackload in the library...

Linux Distros Unpatched Vulnerability : CVE-2025-5645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the...

CVE-2025-5648

Radare2 5.9.9 (radiff2) is affected by CVE-2025-5648. The vulnerability is in r_cons_pal_init (libr/cons/pal.c) where manipulation of the -T argument leads to memory corruption. It requires local access with a high attack complexity; exploitability is rated as difficult. The patch is identified a...

CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

CVE-2025-5645

Radare2 5.9.9 is affected (component radiff2: r_cons_pal_init in libr/cons/pal.c). Manipulating the -T argument leads to memory corruption. Local access is required; attack complexity is high and exploitability is reported as difficult. The vulnerability is considered to be of low overall risk, w...