80526 matches found
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
CVE-2026-10879
CVE-2026-10879 affects Perl DBI versions before 1.648. The vulnerability is a heap overflow in the preparse routine when preparing SQL with more than 9 binders. The preparse expands placeholders to :pN while allocating only three characters per binder; placeholders 10–99 require four, 100–999 req...
CVE-2026-10879
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
EUVD-2026-34843
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
CVE-2026-10879
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...
RUSTSEC-2026-0172 Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`
Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...
CVE-2026-11347
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
MINI-Q2HC-7P62-2QX9
Bulletin has no description...
CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
[SECURITY] Fedora 43 Update: rust-sequoia-cert-store-0.7.3-1.fc43
A certificate database interface...
Triofox - Improper Access Control
The Gladinet Triofox solution before 12.91.1126.65588 and CentreStack before 12.10.595.65696 allow unauthenticated access to the /management/admindatabase.aspx endpoint, exposing sensitive database management functionality to anyone with network access. An unauthenticated attacker can remotely...
KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection
The KiviCare Clinic & Patient Management System EHR plugin for WordPress is vulnerable to SQL Injection via the 'visittypeserviceid' parameter of the taxcalculateddata AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2026-34542
A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...
EUVD-2020-31249
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
Linux Distros Unpatched Vulnerability : CVE-2026-10879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder...
Oracle Database Server (May 2026 CSPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to...
PT-2026-47068
The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2026-46913
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...
PT-2026-46958
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...