aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution in the process of copying enumerable properties from a user-supplied object to a generated message instance without filtering the proto property. An attack...

CVE-2026-0636

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The LDAPStoreHelper implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying...

Arbitrary Code Injection

Overview math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamically created...

Arbitrary Code Injection

Overview org.webjars.npm:math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamical...

CVE-2026-4519

The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open...

PT-2026-25977

Impact User control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The affected overloads and options are: "pdfobjectnewwindow": the pdfObjectUrl option and the entire options object,...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which i...

GHSA-P5XG-68WR-HM3M jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

GHSA-PQXR-3G65-P328 jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

XML Injection

Overview Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document authorship or other metadata fields. Workaround...

PT-2026-2264

Name of the Vulnerable Software and Affected Versions Imaster's MEMS Events CRM affected versions not specified Description The software contains an SQL injection issue in the keyword parameter of the '/memsdemo/exchange offers.php' API endpoint. This allows for potential unauthorized database...

PT-2025-53685

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A SQL injection issue exists in itsourcecode Student Management System 1.0. Manipulation of the ID argument in the /statistical.php file can lead to SQL injection. The attack can b...

PT-2025-47302

Name of the Vulnerable Software and Affected Versions SourceCodester Train Station Ticketing System version 1.0 Description A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the Username argument within the login functionality,...

PT-2025-44632

Name of the Vulnerable Software and Affected Versions BEO GmbH BEO Atlas Einfuhr Ausfuhr version 3.0 Description A reflected cross-site scripting XSS issue exists in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0. This allows attackers to execute arbitrary code within a user’s browser. Exploitation occur...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SharpShowTextField component when rendering user-supplied input containing Vue template syntax. An attacker can execute arbitrary JavaScript or inject malicious HTML by submitting specially crafted...

PT-2025-41317

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A flaw exists in code-projects E-Commerce Website 1.0. Manipulation of the prod name argument in the file '/pages/product add.php' can lead to SQL injection. This issue may be exploited...

EUVD-2024-0166

Malicious code in bioql PyPI...

PT-2025-38310

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration version 3.1 Description A SQL injection issue exists in PHPGurukul Online Course Registration version 3.1. The issue is located in the /my-profile.php file. Manipulation of the cgpa argument can trigger th...

PT-2025-34224 · Unknown · Phpgurukul User Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul User Management System version 1.0 Description: A SQL injection issue exists in PHPGurukul User Management System version 1.0. The issue is located in the /signup.php file, where manipulation of the emailid parameter can lead to SQ...