
931 matches found

OSV
added 2026/01/07 7:29 p.m. | 2 views

GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

4.9 CVSS | 7.9 AI score | 0.00391 EPSS
Exploits: 1 | References: 4
OSV
added 2026/01/05 4:3 p.m. | 3 views

CLSA-2026-1767629031 mod_md: Fix of CVE-2025-55753

CVE-2025-55753: fix integer overflow in ACME backoff timer - Fix test failure on i686 for boolean refcount assertion...

7.5 CVSS | 7.2 AI score | 0.00402 EPSS
Exploits: 0 | References: 1
OSV
added 2026/01/05 3:23 p.m. | 2 views

CLSA-2026-1767626618 Fix CVE(s): CVE-2025-11083

SECURITY UPDATE: Heap-based buffer overflow in elf_swap_shdr function - debian/patches/CVE-2025-11083.patch: Don't swap in nor match corrupt section header in linker input to avoid linker crash. Changed elf_swap_shdr_in to return bfd_boolean and reject corrupt section headers in linker input files. -...

7.8 CVSS | 6.6 AI score | 0.0023 EPSS
Exploits: 1 | References: 1
GithubExploit
added 2026/01/03 8:15 p.m. | 274 views

Exploit for Code Injection in Symfony Twig

Successful Errors: New Code Injection and SSTI Techniques !R...

9.8 CVSS | 8.5 AI score | 0.10087 EPSS
Exploits: 7
Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-27134

Name of the Vulnerable Software and Affected Versions github.com/antchfx/xpath affected versions not specified Description A flaw exists in the github.com/antchfx/xpath component that allows a remote attacker to cause a Denial of Service DoS condition. This is achieved by submitting crafted Boole...

7.5 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 13
UbuntuCve
added 2025/12/30 1:16 p.m. | 6 views

CVE-2022-50870

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...

5.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 10
Cvelist
added 2025/12/30 12:15 p.m. | 21 views

CVE-2022-50870 powerpc/rtas: avoid device tree lookups in rtas_os_term()

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtas_os_term() rtas_os_term() is called during panic. Its behavior depends on a couple of conditions in the /rtas node of the device tree, the traversal of which entails locking and local IRQ...

0.00177 EPSS
Exploits: 0 | References: 8
CVE
added 2025/12/30 12:15 p.m. | 10 views

CVE-2022-50870

CVE-2022-50870: In the Linux kernel (powerpc RTAS), rtas_os_term() could hang during panic due to risky device-tree traversal when devtree_lock is held. The fix caches relevant RTAS/DT characteristics at boot and changes the ibm,extended-os-term lookup to a boolean property via of_property_read_b...

5.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2025/12/30 12:0 a.m. | 9 views

PT-2025-53988

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s powerpc/rtas component where the rtas os term function, called during kernel panic, could potentially hang the system if devtree lock is held. This...

7.8 CVSS | 6.9 AI score | 0.00465 EPSS
Exploits: 2 | References: 898
OSV
added 2025/12/17 11:22 a.m. | 3 views

SUSE-SU-2025:4426-1 Security update for xkbcomp

This update for xkbcomp fixes the following issues: - CVE-2018-15863: NULL pointer dereference triggered by a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. - CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an...

5.5 CVSS | 6.3 AI score | 0.00539 EPSS
Exploits: 0 | References: 6
OSV
added 2025/12/15 9:15 p.m. | 1 views

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.8 CVSS | 5.8 AI score | 0.00385 EPSS
Exploits: 1 | References: 3
CVE
added 2025/12/15 8:28 p.m. | 7 views

CVE-2023-53877

CVE-2023-53877 affects Bus Reservation System 1.1. The vulnerability is a SQL injection in the pickup_id parameter, enabling attackers to manipulate database queries. Techniques cited: boolean-based, error-based, and time-based blind SQL injection to steal information from the database. Practic...

9.8 CVSS | 7.3 AI score | 0.00385 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/12/15 8:28 p.m. | 18 views

CVE-2023-53877 Bus Reservation System 1.1 Multiple SQL Injection via pickup_id Parameter

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

9.3 CVSS | 0.00385 EPSS
Exploits: 1 | References: 3
SUSE Linux
added 2025/12/15 4:54 p.m. | 3 views

Security update for xkbcomp

This update for xkbcomp fixes the following issues: CVE-2018-15863: NULL pointer dereference triggered by a crafted keymap file with a no-op modmask expression can lead to a crash bsc1105832. CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkbinternat...

3.3 CVSS | 6.9 AI score | 0.00539 EPSS
Exploits: 0 | References: 10
RedhatCVE
added 2025/12/12 10:17 p.m. | 4 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3 CVSS | 7.7 AI score | 0.0032 EPSS
Exploits: 2 | References: 1
NVD
added 2025/12/11 10:15 p.m. | 2 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3 CVSS | 0.0032 EPSS
Exploits: 2 | References: 3
CVE
added 2025/12/11 9:34 p.m. | 9 views

CVE-2024-58290

Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...

9.3 CVSS | 7.3 AI score | 0.0032 EPSS
Exploits: 2 | References: 3
Vulnrichment
added 2025/12/11 9:34 p.m. | 4 views

CVE-2024-58290 Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...

9.3 CVSS | 7.3 AI score | 0.0032 EPSS
Exploits: 2 | References: 3
Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50744

Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

9.3 CVSS | 7.5 AI score | 0.0032 EPSS
Exploits: 2 | References: 8
CVE
added 2025/12/08 1:16 a.m. | 8 views

CVE-2022-50628

CVE-2022-50628: The issue is a UBSAN warning in the gud driver of the Linux kernel caused by uninitialized iosys_map usage which can load an invalid _Bool value. The fix is to zero the iosys_map variables (in iosys_map_clear called from dma_buf_vmap). Connected sources corroborate that the bug ar...

6.3 AI score | 0.00166 EPSS
Exploits: 0 | References: 3