
6093 matches found

Nuclei
added 18 hours ago, 30 views

WordPress JoomSport <5.2.8 - SQL Injection

WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operation...

9.8 CVSS, 7.4 AI score, 0.04756 EPSS
Exploits: 2, References: 5

Nuclei
added 18 hours ago, 26 views

VoipMonitor - Pre-Auth SQL Injection

A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. id: CVE-2022-24260 info: name: VoipMonitor - Pre-Auth SQL Injection author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI...

10 CVSS, 7.6 AI score, 0.50926 EPSS
Exploits: 1, References: 5

Nuclei
added 18 hours ago, 203 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...

9.8 CVSS, 7.3 AI score, 0.1022 EPSS
Exploits: 3, References: 3

Nuclei
added 18 hours ago, 20 views

rConfig 3.9.4 - SQL Injection

rConfig 3.9.4 and previous versions have unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10547 info: nam...

9.8 CVSS, 7.2 AI score, 0.36114 EPSS
Exploits: 1, References: 5

CVE
added 2 days ago, 20 views

CVE-2026-54350

Budibase CVE-2026-54350 describes an unauthenticated NoSQL injection against published Budibase apps. EnrichContext substitutes query parameters into the JSON body and JSON.parse can lift attacker-controlled fields into the parsed filter, allowing an attacker with a PUBLIC query to read (and for ...

10 CVSS, 5.8 AI score, 0.00427 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 9 views

CVE-2026-52779

OpenProject prior to versions 17.3.3 and 17.4.1 contains a cross-project IDOR/authorization context confusion in the Calendar and Team Planner modules. A user with management permissions in one project can delete public Calendar or Team Planner Queries from another project where they lack corresp...

5.4 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 16 views

CVE-2026-48529

GitHub MCP Server (versions 0.22.0–1.1.2) in HTTP mode with --lockdown-mode stores RepoAccessCache as a process-global singleton initialized with the first authenticated user’s GraphQL client. All subsequent requests reuse that singleton, causing lockdown queries to run with the first user’s toke...

6 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits: 0, References: 1

EUVD
added 2 days ago, 5 views

EUVD-2026-39657

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 2

NVD
added 2 days ago, 7 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

5.3 CVSS, 0.00165 EPSS
Exploits: 0, References: 1

Cvelist
added 2 days ago, 35 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

4.3 CVSS, 0.00165 EPSS
Exploits: 0, References: 1

CVE
added 2 days ago, 18 views

CVE-2026-57925

JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...

5.3 CVSS, 5.8 AI score, 0.00165 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 3 days ago, 6 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7 CVSS, 0.00285 EPSS
Exploits: 0, References: 1

NVD
added 3 days ago, 9 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7 CVSS, 0.00158 EPSS
Exploits: 0, References: 1

CVE
added 3 days ago, 14 views

CVE-2026-40208

CVE-2026-40208 concerns DoH3 servers handling DoH3 GET queries with an invalid DATA frame, potentially delaying processing and causing a denial of service. The available records state the impact as availability loss (LOW) with a CVSS 3.1 base score of 3.7, network-exposed and requiring no privile...

3.7 CVSS, 5.9 AI score, 0.00285 EPSS
Exploits: 0, References: 1

Cvelist
added 3 days ago, 28 views

CVE-2026-40011 Prometheus denial of service via crafted DNS queries

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7 CVSS, 0.00158 EPSS
Exploits: 0, References: 1

CVE
added 3 days ago, 11 views

CVE-2026-40011

CVE-2026-40011 describes a denial-of-service condition where sending a large number of crafted DNS queries can cause a dynamic block to be inserted with a value that yields invalid output on the Prometheus endpoint. The Prometheus data may then be rejected by the scraper until the dynamic block e...

3.7 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0, References: 1

Debian CVE
added 3 days ago, 3 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7 CVSS, 5.8 AI score, 0.00158 EPSS
Exploits: 0

Cvelist
added 3 days ago, 28 views

CVE-2026-53275 ipv6: mcast: Fix use-after-free when processing MLD queries

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when processing MLD queries When processing an MLD query, a pointer to the multicast group address is retrieved when initially parsing the packet. This pointer is later dereferenced without being...

8.8 CVSS, 0.00168 EPSS
Exploits: 0, References: 7

CVE
added 3 days ago, 10 views

CVE-2026-53275

CVE-2026-53275 affects the Linux kernel IPv6 multicast path (net/ipv6/mcast.c) during MLD query processing. A pointer to the multicast group address is captured during initial packet parsing but is not reloaded after skb header changes from pskb_may_pull(), leading to a use-after-free in __mld_qu...

8.8 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 7

EUVD
added 3 days ago, 7 views

EUVD-2026-39147

Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8 CVSS, 6.5 AI score, 0.00689 EPSS
Exploits: 0, References: 3