CVE-2026-31731
In CVE-2026-31731, the Linux kernel thermal management subsystem has a race where a thermal zone removal during resume can cause use-after-free. Root cause: thermal_zone_pm_complete() and thermal_zone_device_resume() re-initialize the poll_queue delayed work, so cancel_delayed_work_sync() in ther...
EUVD-2026-26501
A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...
PT-2026-36322
A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out...
CVE-2026-23003
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv(). Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_inet_may_pull(). [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses preg_replace with the deprecated /e eval modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...
crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
...
SUSE CVE-2022-49837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call. kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00...
DEBIAN-CVE-2022-49837
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call. kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00...
CVE-2022-49837 bpf: Fix memory leaks in __check_func_call
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call. kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00...
SQL injection
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely...
PT-2024-15888 · Unknown · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the prepare function of the admin/pay.php file. The manipulation of the id argument leads to SQL injection...
PT-2023-32766 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue affects the function prepare of the file email setup.php. The manipulation of the argument name leads to SQL injection. The exploit has been...
Online Tours & Travels Management System SQL Injection Vulnerability
Online Tours & Travels Management System is an online tours management system by the individual developer Mayuri K. A SQL injection vulnerability exists in SourceCodester Online Tours & Travels Management System version 1.0, which stems from a problem with the prepare function in emailsetup.php, whi...
kernel: bpf: Fix memory leaks in __check_func_call
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call. kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00...
PT-2022-34988 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A null-ptr-deref bug was found in the buffer prepare function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v6.0.3,...
PT-2022-35893 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.331 Description: A null-ptr-deref bug was found in the buffer prepare function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
Web-Based Student Clearance System Cross-Site Scripting Vulnerability
Web-Based Student Clearance System is a web-based student clearance system by the individual developer Ndueso Okorie. A security vulnerability exists in the Web-Based Student Clearance System, which originates in the prepare function of /Admin/add-student.php and can lead to cross-site scripting...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scripting. The vulnerability exists in the prepare function of PageRegular.php, allowing an attacker to inject and execute malicious javascript through the canonical tags...
WordPress 'wpdb::prepare()' SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress versions prior to 4.8.3, which stems from the program faili...
WordPress WPDB SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress WPDB SQL injection vulnerability can be exploited by an attacker to execute arbitrary SQL commands, as $wpdb-prepar...