347 matches found
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959
CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...
CVE-2026-23959
CoreShop (Pimcore-based eCommerce) contains an error-based SQL Injection in the admin-facing endpoint /admin/coreshop/customer-company-modifier/duplication-name-check, affecting versions prior to 4.1.9. The root cause is unsafe interpolation of user input into a SQL condition (example pattern: sp...
CoreShop security vulnerability
CoreShop is an open-source e-commerce system developed by CoreShop. Versions of CoreShop prior to 4.1.9 contained security vulnerabilities. These vulnerabilities stemmed from improper insertion of user input into SQL queries through the CustomerTransformerController, which could lead to SQL...
CONTEX-T: Contextual Privacy Exploitation Via Transformer Spectral Analysis for IoT Device Fingerprinting
The rapid expansion of Internet of Things (IoT) devices has created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expo...
GHSA-FQCV-8859-86X2 CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
CoreShop Vulnerable to SQL Injection via Admin customer-company-modifier
SQL Injection in CustomerTransformerController Summary An error-based SQL Injection vulnerability was identified in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading to database error...
PT-2026-3891
Name of the Vulnerable Software and Affected Versions CoreShop versions prior to 4.1.9 Description An error-based SQL Injection issue exists in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly incorporates user-supplied input into a SQL query,...
MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.322.b06-2.el8 (AXSA:2022-3023:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3023:02 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Insufficient URI checks in t...
mariadb: MariaDB Server Crash via Item_direct_view_ref
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to crash the database via Item_direct_view_ref::derived_field_transformer_for_where...
mariadb: MariaDB Server Crash via Item_direct_view_ref
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to crash the database via Item_direct_view_ref::derived_field_transformer_for_where...
mariadb: MariaDB Server Crash via Item_direct_view_ref
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to crash the database via Item_direct_view_ref::derived_field_transformer_for_where...
Large Language Models for Detecting Cyberattacks on Smart Grid Protective Relays
This paper presents a large language model (LLM)-based framework for detecting cyberattacks on transformer current differential relays (TCDRs), which, if undetected, may trigger false tripping of critical transformers. The proposed approach adapts and fine-tunes compact LLMs such as DistilBERT to...
mariadb: MariaDB Server Crash via Item_direct_view_ref
A flaw was found in MariaDB Server. This vulnerability may allow an attacker to crash the database via Item_direct_view_ref::derived_field_transformer_for_where...
Improving Router Security Using BERT
Previous work on home router security has shown that using system calls to train a transformer-based language model built on a BERT-style encoder using contrastive learning is effective in detecting several types of malware, but the performance remains limited at low false positive rates. In this...
Engineering Attack Vectors and Detecting Anomalies in Additive Manufacturing
Additive manufacturing (AM) is rapidly integrating into critical sectors such as aerospace, automotive, and healthcare. However, this cyber-physical convergence introduces new attack surfaces, especially at the interface between computer-aided design (CAD) and machine execution layers. In this work, ...
Malicious Package
Overview @vietmoney/react-native-image-transformer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
EUVD-2025-205934
Malicious code in @vietmoney/react-native-image-transformer npm...
Malicious code in @vietmoney/react-native-image-transformer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5d6e41bb857d4ed96776b54551e25a97efccd98d763659d945f9c969c7981cf The package @vietmoney/react-native-image-transformer was found to contain malicious code. Source: ghsa-malware...