Linux Distros Unpatched Vulnerability : CVE-2026-21218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. CVE-2026-21218 Note that Nessus relies ...

Element Server Suite 安全漏洞

Element Server Suite is a community edition of the Element open-source server suite. There are security vulnerabilities in Element Server Suite Community Edition ESS Community, which stem from an insecure method for generating Matrix server keys. This could allow network attackers to recreate the...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

Improper Handling of Missing Special Element

Overview Affected versions of this package are vulnerable to Improper Handling of Missing Special Element in DecodeUnprotectedBucket in CoseMessage.cs‎. An attacker can gain unauthorized access or manipulate data by supplying a malicious payload that bypasses security mechanisms. Remediation...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-21256

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

.NET Spoofing Vulnerability

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

UBUNTU-CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...

GHSA-2453-MPPF-46CJ Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

Summary The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...

CVE-2026-25495

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy]

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

CVE-2026-25495

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy]

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...

CVE-2026-25495

Craft CMS vulnerable to SQL injection in the element-indexes/get-elements endpoint via criteria[orderBy] in JSON body (versions 4.0.0-RC1–4.16.17 and 5.0.0-RC1–5.8.21). An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause by omitting viewState[order] (or setting...

CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy]

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the element-indexes/get-elements endpoint is vulnerable to SQL Injection via the criteriaorderBy parameter JSON body. The application fails to sanitize this input before...