27 matches found
UBUNTU-CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar-quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a placeholder outside of a...
CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar-quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a placeholder outside of a...
CVE-2026-41889
CVE-2026-41889 affects the pgx PostgreSQL driver for Go. Before version 5.9.2, using the non-default simple protocol with a dollar-quoted string containing text that can be interpreted as a placeholder outside of a string literal allows SQL injection when the placeholder value is attacker-control...
CVE-2026-41889
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar-quoted string literal is used in the SQL query, that string literal contains text that would be interpreted as a placeholder outside of a...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004193)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004193 advisory. An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction...
CVE-2024-39304
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQ...
EUVD-2024-37890
Malicious code in bioql PyPI...
EUVD-2022-29606
Malicious code in bioql PyPI...
PT-2025-1447 · Repute Infosystems · Armember Premium
Name of the Vulnerable Software and Affected Versions: Repute InfoSystems ARMember Premium versions prior to 5.9.2. Description: The issue is related to a missing authorization vulnerability in Repute InfoSystems ARMember Premium, which allows exploiting incorrectly configured access control...
MAL-2024-11888 Malicious code in @saferpay/eslint-config-base (npm)
Source: ossf-package-analysis (49038c65a69ff50fde7f32068fe7d4705c0ff7424bd0e86e6f87ab5593a99949). The OpenSSF Package Analysis project identified '@saferpay/eslint-config-base' @ 5.9.2 npm as malicious. It is considered malicious because: - T...
MAL-2024-11887 Malicious code in @saferpay/components (npm)
Source: ossf-package-analysis (1a2d3c2e7f9c105a15779b795e9c5e4108f8e8ada94f9d6af1446e4b0e19fbd3). The OpenSSF Package Analysis project identified '@saferpay/components' @ 5.9.2 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-11891 Malicious code in @saferpay/react-library (npm)
Source: ossf-package-analysis (bf4cc2b21097670e4c1c216967552f761f10ded3eb65a4a4b705aa0a5d6943e6). The OpenSSF Package Analysis project identified '@saferpay/react-library' @ 5.9.2 npm as malicious. It is considered malicious because: - The...
CVE-2024-39304
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQ...
CVE-2024-39304
Summary: CVE-2024-39304 affects ChurchCRM prior to 5.9.2, with an authenticated SQL injection via the EID parameter in a GET request to /GetText.php. The issue stems from inadequate sanitization of user input, allowing SQL statements to be injected into the database query. It does not require ele...
CVE-2024-39304 ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQ...
PT-2024-11905 · Unknown +2 · Strongswan +2
Name of the Vulnerable Software and Affected Versions: strongSwan versions 5.9.2 through 5.9.5. Description: The issue is related to authorization bypass through improper validation of certificates with host mismatch. When certificates are used to authenticate clients in TLS-based EAP methods, the...
ALPINE-CVE-2022-24805
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains...
CVE-2022-24810 net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
CVE-2022-24808 net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
WordPress Contact Form 7 Plugin <= 5.9 is vulnerable to Cross Site Scripting (XSS)
Software: Contact Form 7; Type: Plugin; Vulnerable versions: <= 5.9; Fixed in: 5.9.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2242; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 5d34f7907f9a; Credits: Asaf Mozes; Required...