34 matches found
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
GHSA-Q57J-RWWX-7RWP MixPHP Framework has an SQL injection vulnerability via crafted `data` array
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
PT-2026-36489
Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists where the session and cache handlers utilize the unserialize function on data retrieved from Redis within the RedisHandler object. Recommendations ...
CVE-2026-32276
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...
CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...
Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin
Security Advisory — Page Management Plugin SSRF Summary A Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the...
CVE-2026-32266 Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability
The Google Cloud Storage for Craft CMS plugin provides a Google Cloud Storage integration for Craft CMS. In versions on the 2.x branch prior to 2.2.1, the DefaultController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin...
CVE-2026-1194
A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...
CVE-2026-1194 MineAdmin Swagger information disclosure
A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...
CVE-2026-1193 MineAdmin View view improper authorization
A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...
PT-2025-54234
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below Description The software includes hardcoded credentials within its server binaries, which cannot be altered through standard device procedures. This allows attackers to gain unauthorized...
EUVD-2014-0850
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-33054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the...
BIT-NGINX-INGRESS-CONTROLLER-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-0228 Improper authentication vulnerability in S+ Operations
Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2...
SUSE CVE-2015-2908
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...
PT-2022-26153 · Grails · Grails Spring Security Core Plugin
Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
GHSA-89F3-74M6-G27G Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Multiple cross-site scripting XSS vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...