EUVD-2025-210075

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

WS-PoC-Search

WS-PoC-Search Lightning-fast CVE and PoC intelligence searc...

CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

CVE-2026-10879

CVE-2026-10879 affects DBI for Perl, pre-1.648. A heap overflow occurs during preparsing SQL with more than 9 binders; the preparse method expands placeholders to :pN but only allocates 3 characters per binder, causing overflow as placeholders 10–99 need 4 chars, 100–999 need 5, etc. The issue is...

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

EUVD-2026-34843

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

RUSTSEC-2026-0172 Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

MINI-Q2HC-7P62-2QX9

Bulletin has no description...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

CVE-2026-11347 Hardcoded Cryptographic Keys and Weak IV Generation in linqi

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

[SECURITY] Fedora 43 Update: rust-sequoia-cert-store-0.7.3-1.fc43

A certificate database interface...

EUVD-2026-34542

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

Oracle Database Server (May 2026 CSPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to...

Linux Distros Unpatched Vulnerability : CVE-2026-10879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder...

EUVD-2020-31249

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

PT-2026-47052

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 10.0.3 Description An SQL injection allows an unauthenticated remote attacker to execute arbitrary SQL statements. This can result in the complete compromise of the underlying database. The issue requires no...