13 matches found
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...
CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...
CVE-2026-40354
Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash...
CVE-2026-40354
The CVE-2026-40354 issue affects Flatpak’s xdg-desktop-portal (pre-1.20.4 and 1.21.x pre-1.21.1). A symlink attack on g_file_trash in the host context allows a Flatpak application to delete arbitrary host files, enabling denial of service or potential data integrity concerns. Root cause: insuffic...
XDG Desktop Portal security vulnerability
XDG Desktop Portal is a frontend service for the desktop application sandbox environment developed by Flatpak. Versions of XDG Desktop Portal prior to 1.20.4 and 1.21.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for any Flatpak application to manipulate...
CVE-2025-69045
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection. This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4...
CVE-2025-69045 WordPress FooEvents for WooCommerce plugin <= 1.20.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection. This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4...
CVE-2025-69045
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in FooEvents FooEvents for WooCommerce fooevents allows SQL Injection. This issue affects FooEvents for WooCommerce: from n/a through <= 1.20.4...
CVE-2025-69045
CVE-2025-69045 is a SQL Injection vulnerability in FooEvents for WooCommerce that affects versions up to and including 1.20.4. The issue arises from improper neutralization of user-supplied input in SQL queries, enabling an attacker with network access to potentially r...
WordPress plugin FooEvents for WooCommerce: SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress FooEvents for WooCommerce plugin <= 1.20.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin FooEvents for WooCommerce versions <= 1.20.4...
CLSA-2025-1760646561 tigervnc: Fix of 13 CVEs
Rebuilt with xorg-x11-server-1.20.4-99.el79.tuxcare.els7, mitigating the security vulnerabilities identified by the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601, CVE-2025-49175, CVE-2025-49176,...
PT-2023-3282 · Glpi +1 · Fields +1
Name of the Vulnerable Software and Affected Versions: Fields versions prior to 1.13.1; Fields versions prior to 1.20.4. Description: The issue is related to a lack of access control check in the Fields plugin for GLPI, allowing any authenticated user to write data to any fields container, includin...