7 matches found
Untrusted Search Path
Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges ...
CVE-2026-11400
CVE-2026-11400 describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate privileges to another Amazon RDS user, including rds_superuser, by creating a crafted ...
XML Injection
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document...
CVE-2025-11276
A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...
CVE-2023-6895
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...
PT-2022-26173 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0 Description: The issue allows a site admin to execute arbitrary commands on Gitserver when the experimental customGitFetch feature is enabled. This feature has been disabled by default. Recommendations: For...
CVE-2017-6015
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code wi...