CVE-2026-42550

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert, SimplePdo::update, and SimplePdo::delete build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query, with no identifier quoting and no validation. When an...

CVE-2026-8200

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

Flight SQL注入漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained an SQL injection vulnerability. This vulnerability occurred because the methods SimplePdo::insert, SimplePdo::update, and SimplePdo::delete directly concatenated the $table parameter and the keys fr...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

CVE-2023-53672 btrfs: output extra debug info if we failed to find an inline backref

In the Linux kernel, the following vulnerability has been resolved: btrfs: output extra debug info if we failed to find an inline backref BUG Syzbot reported several warning triggered inside lookupinlineextentbackref. CAUSE As usual, the reproducer doesn't reliably trigger locally here, but at...

PT-2024-40771 · Unknown · Xpackdynamictable

Name of the Vulnerable Software and Affected Versions: XpackDynamicTable affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the XpackDynamicTable:: make space function, which is called by the...

WordPress NEX-Forms Lite Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . NEX-Forms Lite is one of the user-defined plugin to create forms . A cross-site scripting vulnerability exists in...

mongodb: memory over-read via incorrect BSON object length

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service crash or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...

MySQL and SQL field truncated vulnerability-vulnerability warning-the black bar safety net

The current Web developers certainly have a lot of people did not notice the author mentioned these two issues. The first problem is that, MySQL by default has a configuration parameters maxpacketsize, this parameter is used to limit the MySQL client and the MySQL server end of the data...