CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.29.0...

EUVD-2026-31072

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

UBUNTU-CVE-2026-47784

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdbcheckpass...

Astra Linux - уязвимость в chromium

Before version 102.0.5005.61, using the "after free" feature in Indexed DB in Google Chrome allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux - уязвимость в hsqldb1.8.0, hsqldb

A flaw was discovered in the Libreoffice package. An attacker can create an odb file that contains a “database/script” file with a SCRIPT command. The contents of this file can then be written into a new file, whose location is determined by the attacker...

Astra Linux - уязвимость в sqlite3

In SQLite, from version 3.30.1 onwards, alter.c allows attackers to trigger infinite recursion through certain types of self-referential views in conjunction with ALTER TABLE statements...

Astra Linux - уязвимость в bluez

A issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free condition can occur when a client disconnects during D-Bus processing of a WriteValue call...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...

Astra Linux - уязвимость в rpm

A flaw was discovered in RPM’s hdrblobInit function in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The greatest threat from this vulnerability is to system availability...

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB version 10.5.9 allows an application crash in the findfieldintables and findorderinlist functions due to an unused common table expression CTE...

Astra Linux - уязвимость в chromium

The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в bluez

The clifeatreadcb function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading...

Astra Linux - уязвимость в h2database

The H2 Console before version 2.1.210 allowed remote attackers to execute arbitrary code through a jdbc:h2:mem JDBC URL that contained the IGNOREUNKNOWNSETTINGS=TRUE;FORBID CREATION=FALSE;INIT=RUNSCRIPT substring. This is a different vulnerability than CVE-2021-42392. source-iocs-preserved...

Astra Linux - уязвимость в rpm

A flaw was discovered in the RPM package’s read functionality. This flaw allows an attacker to persuade a victim to install a seemingly verifiable package, or to compromise an RPM repository, thereby causing corruption of the RPM database. The most significant threat posed by this vulnerability i...

Astra Linux - уязвимость в samba

In DCE/RPC, it is possible to share handles cookies for resource state between multiple connections through a mechanism called “association groups”. These handles can reference connections to our sam.ldb database. However, while the database is correctly shared, the user credentials are only...

Astra Linux - уязвимость в chromium

The use of “after free” in the Cart component in Google Chrome before version 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through database corruption and a crafted HTML page. Chromium security severity: Medium...