458032 matches found
PT-2026-49827
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device features a webserver that exposes a REST API authenticated via a token on the management network. An authenticated attacker can exploit an OS command...
PT-2026-50116
Unauthenticated PHP Object Injection in Esmée = 1.4 versions...
PT-2026-50176
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with permissions to create or modify workflows can provide crafted parameters to the TimescaleDB and legacy Postgres v1 nodes. This allows arbitrary SQ...
Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-8431-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8431-1 advisory. It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuin...
Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities
The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...
Debian dla-4632 : atril - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4632 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4632-1 [email protected] https://www.debian.org/lts/security/...
PT-2026-49619
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro get overall chart data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to json...
PT-2026-50172
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description A prototype pollution issue allows a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. Prototype polluti...
CVE-2026-48723
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...
Important: Red Hat Security Advisory: Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0
Kiali 2.4.18 for Red Hat OpenShift Service Mesh 3.0 is now available. An update is now available for Red Hat OpenShift Service Mesh 3.0. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Moderate. A Commo...
EUVD-2026-37017
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...
CVE-2026-48723 BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...
CVE-2026-48723
BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CVE-2026-0636)
Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-0636. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-0636 DESCRIPTION: Improper neutralization of special elements used in an LDAP query 'LDAP...
CVE-2026-48017
DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, ...
Exploit for CVE-2026-54596
CVE-2026-54596 - Authenticated SQL Injection via recurringinv...
Exploit for CVE-2026-54597
CVE-2026-54597 — ITFlow Time-Based Blind SQL Injection Seve...
EUVD-2026-36908
Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...
EUVD-2026-36980
Unauthenticated SQL Injection in Contest Gallery = 28.1.6 versions...
EUVD-2026-36976
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...