9906 matches found
CVE-2021-47980
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
EUVD-2021-34833
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
CVE-2021-47980
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
CVE-2021-47980 Fuel CMS 1.4.13 Blind SQL Injection via col Parameter
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log interface. Attackers can send requests to the logs endpoint with malicious SQL payloads in the 'col...
PT-2026-41466
Name of the Vulnerable Software and Affected Versions Fuel CMS version 1.4.13 Description Authenticated attackers can manipulate database queries by injecting SQL code through the col parameter in the Activity Log interface. By sending requests to the 'logs' endpoint with malicious SQL payloads i...
FUEL CMS SQL注入漏洞
Fuel CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.4.13 of Fuel CMS has a SQL injection vulnerability. This vulnerability stems from a blind SQL injection flaw, allowing authenticated attackers to manipulate database queries throug...
Malicious code in @datatrain/passenger-v3 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ff70d96169a200be30c83b3e37506f7abf2f377ed1d6dec8005269d98b58104 The package @datatrain/passenger-v3 was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in deepl-sync (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f09b2cb596d2186d9533b703e85192087a2722c8307c51428330658f1972c3a The package deepl-sync was found to contain malicious code. Source: ghsa-malware 901de6816216276cc07830e358c2cae608d89087dba87b4acf0562604011e504 Any...
WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity versions = 3.3.6...
EUVD-2026-29907
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
MAL-2026-3665 Malicious code in hackling (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 cf12b321da2b42ce2302bdccbb35304c4f4a47c7a5e273076467b269982c480f Package automatically exfiltrate information about the system, including potentially sensitive data. --- Category: MALICIOUS - The campaign has clearly malicio...
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21021
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
CVE-2026-21021
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-40573
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...
PT-2026-40565
Name of the Vulnerable Software and Affected Versions coreActivity: Activity Logging for WordPress versions prior to 3.1 Description The plugin is susceptible to PHP Object Injection, a condition where untrusted data is passed to a deserialization function, potentially allowing the execution of...
Malicious code in aoflcorp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bfc014b9e60bb1abb58d948abcf31112dd4c160ab8416317476f3c67c2e84d49 The OpenSSF Package Analysis project identified 'aoflcorp' @ 0.0.1 npm as malicious. It is considered malicious because: - The package...
PIN bypass in PassCodeActivity via back button
None...
MAL-2026-3576 Malicious code in @uipath/solutionpackager-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64274b915ff6e2c5965c334cc5b2a7dca56efe8c3021c83e45d0269a9391345f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...