75 matches found
CVE-2023-50136
Cross Site Scripting XSS vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table...
CVE-2025-13753 WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation
The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the savetable function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with...
CVE-2025-13753
CVE-2025-13753 refers to the WP Table Builder – Drag & Drop Table Builder plugin for WordPress. The issue is an incorrect authorization check on save_table() , enabling authenticated users with Subscriber+ privileges to create new wptb-table posts in versions up to and including 2.0.19. The Wordf...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not setting ubuf-sg to NULL when the sg table creation fails, which could result in a null pointer dereference...
Exploit for OS Command Injection in Postgresql
usage: CVE-2019-9193.py -h -i IP -p PORT -d DATABASE...
SUSE CVE-2023-53699
In the Linux kernel, the following vulnerability has been resolved: riscv: move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from kernel image mapping. The regions arrays need to "reallocated" from memblock and accessed through linear mapping to cove...
EUVD-2007-5940
Malware in sbrugna...
EUVD-2024-17147
Malicious code in bioql PyPI...
CVE-2024-52507
Nextcloud Tables allows users to to create tables with individual columns. The information which Table numeric ID is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextcloud Tables app is upgraded to 0.8.1...
Dust: Unauthorized Table Creation by Member
A member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders admins should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully crea...
eap-7: heap exhaustion via deserialization
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...
SUSE CVE-2024-47677
In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfatcreateupcasetable If exfatloadupcasetable reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfatloaddefaultupcasetable allocates more memory, leading to a memory...
kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable()
An out-of-bounds access vulnerability was found in the Linux Kernel. This issue occurs during the creation of a new netfilter table. The absence of safeguards in the nftablesnewtable function against invalid nftables family pf values allows attackers to achieve unauthorized access. Exploitation...
DEBIAN-CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
Logic flaw vulnerability in Damon Database Management System (DM8) of Wuhan Damon Database Co.
Damon database management system DM8 is a new generation of large-scale general-purpose relational database, fully supports SQL standards and mainstream programming language interfaces/development frameworks. Ltd. Damon Database Management System DM8 suffers from a logic flaw vulnerability, which...
DEBIAN-CVE-2023-6040
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable function enables ...
JFinalCMS 安全漏洞
JFinalCMS is a content management system. A cross-site scripting vulnerability exists in JFinalcms version 5.0.0, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to run arbitrary code when creating a new custom...
PT-2024-13869 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalcms version 5.0.0 Description: A Cross Site Scripting XSS issue allows attackers to run arbitrary code via the name field when creating a new custom table. This enables attackers to execute malicious scripts, potentially leading to...
PT-2023-5666 · Scylladb · Scylladb
Name of the Vulnerable Software and Affected Versions: Scylladb affected versions not specified Description: The issue is related to errors in privilege management in the NoSQL database management system Scylladb. Exploitation of this issue may allow a remote attacker to escalate their privileges...
SUSE CVE-2005-3787
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via 1 the cookie-based login panel, 2 the title parameter and 3 the table creation dialog...