25575 matches found
CVE-2026-32499
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-31920
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection.This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...
CVE-2026-25340 WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...
EUVD-2026-15411
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
DEBIAN-CVE-2026-3119
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
DEBIAN-CVE-2026-3104
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...
CVE-2026-3119
CVE-2026-3119 affects ISC BIND 9: when processing a correctly signed query containing a TSIG-signed TKEY, named may crash (terminate unexpectedly). Affected versions: 9.20.0–9.20.20, 9.21.0–9.21.19, and 9.20.9-S1–9.20.20-S1. Unaffected: 9.18.0–9.18.46 and 9.18.11-S1–9.18.46-S1. The issue requires...
CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
CVE-2026-3119
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
CVE-2026-3104
CVE-2026-3104 describes a memory leak in BIND resolver code during DNSSEC non-existence proof preparation caused by processing a specially crafted domain. Affected: BIND 9.20.0–9.20.20, 9.21.0–9.21.19, and 9.20.9-S1–9.20.20-S1. Not affected: 9.18.x series. Impact: memory growth potentially leadin...
UBUNTU-CVE-2026-23295
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix dead lock for suspend and resume When an application issues a query IOCTL while auto suspend is running, a deadlock can occur. The query path holds devlock and then calls pmruntimeresumeandget, which waits for...
SUSE-SU-2026:1008-1 Security update for Prometheus
This update for Prometheus fixes the following issues: golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: CVE-2026-27606: Fixed arbitrary fi...
WordPress JetEngine plugin <= 3.8.6.1 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter vulnerability
Unauthenticated SQL Injection via Listing Grid 'filteredquery' Parameter vulnerability discovered by hoshino in WordPress Plugin JetEngine versions = 3.8.6.1...
SUSE CVE-2026-28280
osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting XSS vulnerability exists in the osctrl-admin on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The paylo...
SUSE CVE-2026-29073
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0...
WordPress plugin Lisfinity Core SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27813
Name of the Vulnerable Software and Affected Versions Lisfinity Core versions n/a through 1.5.0 Description A flaw exists in pebas Lisfinity Core lisfinity-core that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The issue affects...
PT-2026-27995
Name of the Vulnerable Software and Affected Versions Product Rearrange for WooCommerce versions n/a through 1.2.2 Description The software contains a flaw due to improper neutralization of special elements within an SQL command, leading to a potential SQL injection issue. Specifically, the...
CVE-2026-3119
Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....
PT-2026-27878
Name of the Vulnerable Software and Affected Versions WPFactory Advanced WooCommerce Product Sales Reporting versions through 4.1.3 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This...