7129 matches found
CVE-2026-28830
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
CVE-2026-28830
CVE-2026-28830 describes a race condition resolved by additional input validation. Multiple connected sources (NVD, EUVD-2026-29216, CVE listings, and vulnerability enrichment) indicate the issue is fixed in macOS Tahoe 26.4 and that an app could potentially access sensitive user data. The availa...
CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
CVE-2026-7813 pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode
Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe prior to 26.4 contained a security vulnerability caused by a race condition issue, which could allow applications to access sensitive user data...
Apple macOS 安全漏洞
Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.5 had a security vulnerability due to permission issues, which could allow applications to access protected user data...
PT-2026-39835
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...
PT-2026-39838
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
PT-2026-39828
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...
PT-2026-39759
A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...
PT-2026-39790
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2021-47928
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
CVE-2021-47928
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
CVE-2021-47928
Opencart TMD Vendor System 3.x is affected by a blind SQL injection via the product_id parameter, allowing unauthenticated attackers to enumerate data from oc_user (usernames, emails, password reset codes). The vulnerability is described as a time-based/content-based blind injection with high con...
PT-2026-39504
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...
Opencart TMD Vendor System SQL注入漏洞
The Opencart TMD Vendor System is an extension provided by Opencart Inc. for e-commerce platforms, offering multiple merchant integration and management features. Version 3.x of the Opencart TMD Vendor System contains a SQL injection vulnerability. This vulnerability stems from blind SQL injectio...
CVE-2026-42069
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42069
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
EUVD-2026-28888
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versions 4.9.0 and 5.4.0...