68 matches found
CVE-2026-9356 SourceCodester Hospitals Patient Records Management System manage_history.php sql injection
A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...
PT-2026-42914
A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...
EUVD-2026-31554
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...
CVE-2026-43891 changedetection.io: Arbitrary Local File Read via crafted backup restore
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...
CVE-2026-43891
Summary: CVE-2026-43891 and related advisories describe an arbitrary local file read in changedetection.io caused by trusting attacker-controlled history.txt entries restored via crafted backups. Prior to 0.55.1, history values containing path separators are treated as filesystem paths and can re...
changedetection.io has an Arbitrary Local File Read via a crafted backup restore
Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into th...
Sensitive Information Disclosure
Apache Cassandra is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing sensitive data such as passwords in plaintext within the cqlsh history file, which allows an attacker with local access to read and retrieve sensitive information...
CVE-2026-27315
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
Apache Cassandra has sensitive Information Leak in cqlsh
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
CVE-2026-27315 Apache Cassandra: cqlsh history sensitive information leak
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via /.cassandra/cqlshhistory local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description:...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : MongoDB vulnerabilities (USN-8064-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8064-1 advisory. Eliot Horowitz discovered that MongoDB may fail to validate some instances of malformed BSON. A remote attacker could possibly use this...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the clihistory feature. An attacker can access sensitive command history and API request/response data by reading the history database file if it is created with default permissions on a multi-user Unix...
CVE-2026-0383
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0 (CVE-2026-0383)
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
EUVD-2025-26353
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...
EUVD-2015-1254
Malware in sbrugna...
EUVD-2013-7218
Malware in sbrugna...
EUVD-2024-0025
Malicious code in bioql PyPI...
CVE-2025-9810
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...
CVE-2025-9810
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...