31101 matches found
PT-2026-52175
Name of the Vulnerable Software and Affected Versions Drupal Geolocation Field versions 0.0.0 through 3.15.0 Description An SQL injection issue exists in the Drupal Geolocation Field module, which provides functionality to store coordinates and supports views and other modules. The problem occurs...
RHEL 8 : evince (RHSA-2026:28998)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28998 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' through the Accessory model mass assignment process. An attacker can...
DEBIAN-CVE-2026-0864
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
PSF-2026-29
When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...
CVE-2026-54310
CVE-2026-54310 affects n8n, specifically the TimescaleDB and legacy Postgres v1 nodes. An authenticated user who can create or modify workflows could supply crafted parameters to these nodes, enabling arbitrary SQL injection and execution against the connected database within the privileges of th...
CSV Injection
Overview @actual-app/cli is a CLI for Actual Budget Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...
CSV Injection
Overview @actual-app/cli is a CLI for Actual Budget Affected versions of this package are vulnerable to CSV Injection via the escapeCsv function, which fails to neutralize formula-triggering prefixes in user-controlled fields when exporting data to CSV format. An attacker can cause arbitrary...
CVE-2026-47241
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...
CVE-2026-44272
Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-9029 Stored XSS in the Geomap panel tile-layer attribution
A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...
PT-2026-51376
Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An Improper Neutralization of Special Elements used in an SQL Command SQL Injection exists. This allows a low privileged attacker with remote access to potentially gain...
GHSA-6MWX-4547-5VC9 OpenBao: LDAPi ldaputil (wrong escape func)
Description Component sdk/helper/ldaputil/client.go — the shared LDAP utility library used by both the LDAP authentication backend and OpenLDAP secrets engine to construct LDAP search filters and bind DNs. Root Cause The LDAP utility contains a function selection error that causes incorrect...
EUVD-2019-20195
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...
CVE-2019-25752
Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...
CVE-2017-20257
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands via the ajaxaction.flag_question task. Exploitation can occur by injecting malicious SQL through the stu_quiz_id or flag_quest parameters to manipula...
CVE-2017-20256
Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...
EUVD-2017-18979
Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=comnge&view=config and inject malicious SQL code in the plname paramet...
CVE-2026-21768
CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...
PT-2026-50952
Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...