457817 matches found
CVE-2026-53900 Cookie injection was possible when opening a PDF link
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-53900
CVE-2026-53900 concerns Firefox for iOS. The issue: cookies set on the initial PDF request were preserved across cross-origin HTTP redirects in TemporaryDocument, enabling a malicious site to inject cookies into requests to an unrelated target domain. The CVE has a base score of 4.3 (Medium) per ...
BIT-MYSQL-CLIENT-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5
MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...
BIT-MYSQL-CLIENT-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...
HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection
A flaw was found in the HP Linux Imaging and Printing Software HPLIP. This vulnerability may allow a local attacker to achieve escalation of privileges and/or arbitrary code execution through operating system command injection. This could lead to an attacker gaining unauthorized control over the...
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours...
CVE-2026-5416
Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...
CVE-2026-52715
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-39574
Unauthenticated SQL Injection in InPost Gallery = 2.1.4.6 versions...
CVE-2026-39581
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2026-52712
Subscriber SQL Injection in Attendance Manager = 0.6.2 versions...
CVE-2026-49772
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49774
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
EUVD-2026-37057
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
CVE-2026-49772
CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...
EUVD-2026-37056
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774 WordPress RD Station plugin <= 5.6.0 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion. This issue affects RD Station: from n/a through 5.6.0...
CVE-2026-49774
CVE-2026-49774 describes an "Improper Control of Generation of Code (Code Injection)" vulnerability in the WordPress RD Station plugin
EUVD-2026-37051
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...