PT-2026-43992

Name of the Vulnerable Software and Affected Versions PostgreSQL Anonymizer versions prior to 3.1.0 Description An issue allows a user to obtain superuser privileges by creating a table and embedding malicious code within a column identifier. When a superuser invokes the k-anonymity function, the...

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

EUVD-2026-31960

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting XSS. This vulnerability is fixed in 8.4.1...

CVE-2026-44831

CVE-2026-44831 affects Snipe-IT, an IT asset/license management system. Prior to v8.4.1, users with component view access could trigger stored XSS via an unescaped notes field in the component checkout process. The issue is fixed in v8.4.1 or later. If you are using versions before 8.4.1, upgrade...

Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description The column filter passes its input straight to PHP's native arraycolumn. When the array elements are objects, arraycolumn reads $obj-$name and $obj-$index directly, including invoking get/isset. Because this property read happens entirely in PHP native code and never reaches...

GHSA-VCC8-PHRV-43WJ Twig: Sandbox property allowlist bypass via the `column` filter (array_column on objects)

Description The column filter passes its input straight to PHP's native arraycolumn. When the array elements are objects, arraycolumn reads $obj-$name and $obj-$index directly, including invoking get/isset. Because this property read happens entirely in PHP native code and never reaches...

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from multiple POST parameters in tables.php—tablename, indexname, and sortby—which were...

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via the column filter’s use of PHP arraycolumn. An attacker can bypass Twig sandbox property restrictions because arraycolumn accesses object...

Astra Linux - уязвимость в sqlite3

SQLite 3.30.1 improperly handles pExpr-y.pTab, as demonstrated by the TKCOLUMN case in sqlite3ExprCodeTarget in expr.c...

Astra Linux - уязвимость в sqlite3

In SQLite 3.31.1, the isAuxiliaryVtabOperator function allows attackers to trigger a NULL pointer dereferencing and segmentation fault due to generated column optimizations...

PT-2026-42175

Name of the Vulnerable Software and Affected Versions Twig affected versions not specified Description The column filter passes input directly to the native PHP array column function. When array elements are objects, array column reads properties directly, which bypasses the...

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

Strapi SQL注入漏洞

Strapi is an open-source content management system CMS developed by the Strapi community in France. Versions of Strapi prior to 4.26.1 and 5.33.2 contained a SQL injection vulnerability. This vulnerability stemmed from the Content-Type Builder API’s database query injection mechanism. This allowe...

GHSA-3XCQ-8MJW-H6MX Strapi Vulnerable to SQL Injection in Content Type Builder

Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N 9.3 — Critical - Affected Versions: @strapi/content-type-builder =5.33.2 v5 or =4.26.1 v4 Description of CVE-2026-22599 A database-query...

SQL Injection in Column Type Parameter Allows Arbitrary SQL Execution

None...

PT-2026-40834

Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 4.26.0 Strapi versions 5.0.0 through 5.33.1 Description A database-query injection exists in the Content-Type Builder write API. An authenticated administrator can inject arbitrary database statements through the...

MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column

Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $gshowuserrealname = ON. Impact Cross-site scripting XSS. Note that By default, only users with Manager access level or above can save their filters publicly Patches -...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016806)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016806 advisory. An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.ext...