Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

Advanced Custom Fields < 6.1.6 - Cross-Site Scripting

Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the poststatus parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

Astra Linux - уязвимость в pillow

A issue was discovered in Pillow before version 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop during loading...

CVE-2026-42308 Pillow: Integer overflow when processing fonts

Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This issue has been patched in version 12.2.0...

UBUNTU-CVE-2026-43439

In the Linux kernel, the following vulnerability has been resolved: cgroup: fix race between task migration and iteration When a task is migrated out of a cssset, cgroupmigrateaddtask first moves it from cset-tasks to cset-mgtasks via: listmovetail&task-cglist, &cset-mgtasks; If a csstaskiter...

GHSA-WJX4-4JCJ-G98J Pillow has an integer overflow when processing fonts

If a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer overflow. This has been fixed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rqpages index in inline path svcrdmacopyinlinerange indexed rqstp-rqpagesrccurpage without verifying rccurpage stays within the allocated page array. Add guards before the first use and after advancing to a n...

Canon多款产品 安全漏洞

Canon imagePRESS and other products are manufactured by Canon, a Japanese company. The Canon imagePRESS is a series of color production digital printing machines. The Canon imageFORCE is a series of color digital printers. The Canon imageRUNNER is a series of color digital printers. Several of...

PT-2026-31874

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVE-2019-25680

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

CVE-2019-25680 Advance Gift Shop Pro Script 2.0.3 SQL Injection via search

Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...

SUSE CVE-2026-2069

A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llamagrammaradvancestack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploi...

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

EUVD-2026-9193

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

Personnel Property Equipment System 安全漏洞

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/advancesearch.php file...

PT-2026-22606

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to a SQL Injection issue. The vulnerability exists in the /ppes/admin/advance search.php file. The vulnerable parameter is not specified...

CVE-2026-26703

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

CVE-2026-26703

CVE-2026-26703 affects sourcecodester Personnel Property Equipment System v1.0. The vulnerability is a SQL Injection in the /ppes/admin/advance_search.php endpoint. CVSS v3.1 metrics indicate a CRITICAL impact (base score 9.8) with NETWORK attack vector, LOW attack complexity, NO privileges requi...