CVE-2025-65104 Firebird: Information leak vulnerability in firebird3 client when used with newer server

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

CVE-2026-33405

Pi-hole Admin Interface: A stored HTML injection in the formatInfo() path of queries.js (v6.0–6.4) renders data.upstream, data.client.ip, and data.ede.text into HTML when expanding a Query Log row, with JavaScript execution blocked by CSP (script-src 'self'). The same fields are properly escaped ...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, including 3.0.13, contained security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to inject arbitrary values into internal...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14283)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...

Code-Projects Online Product Reservation System SQL注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. Code-Projects Online Product Reservation System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the parameters fname/lname/...

EUVD-2012-6215

Malware in sbrugna...

EUVD-2021-22161

Malware in sbrugna...

EUVD-2023-27668

Malicious code in bioql PyPI...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/lipsum.xml process. An attacker can execute...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper validation of user input in the datacode, datalang0key, datalang0value, datalang1key, and datatitle parameters within the /apprain/developer/language/default.xml process. An attacker can execute...

net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads

...

Linux Distros Unpatched Vulnerability : CVE-2021-35525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: t...

AZL-51284 CVE-2024-47702 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/dataend/datameta syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...

BIT-MEDIAWIKI-2021-36131

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

CVE-2023-23568 affects Gallagher Command Centre Server (Command Centre) with improper privilege validation that allows authenticated unprivileged operators to modify and view Personal Data Fields. Public details enumerate affected releases: vEL8.40 and prior; vEL8.50 prior to vEL8.50.2831 (MR8); ...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23568

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 MR1, vEL8.80 prior to vEL8.80.1192 MR2, vEL8.70 prior to vEL8.70.2185 MR4, vEL8.60 prior to...

CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface...