4945 matches found
EUVD-2017-19005
Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.3-2.hum1 aarch64, x8664 nginx-all-modules-1.30.3-2.hum1 noarch nginx-core-1.30.3-2.hum1 aarch64, x8664 nginx-filesystem-1.30.3-2.hum1 noarch nginx-mod-devel-1.30.3-2.hum1 aarch6...
CVE-2026-8806
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...
CVE-2026-8806 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module
Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...
PT-2026-50959
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...
WordPress Intranet & Private Site – All-In-One Intranet plugin <= 1.8.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Intranet & Private Site All-In-One Intranet versions = 1.8.1...
CVE-2026-12569
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
EUVD-2026-37831
A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...
kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...
PT-2026-50611
Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...
PT-2026-50596
Name of the Vulnerable Software and Affected Versions langchain4j-mariadb versions prior to 1.2.1-beta8 langchain4j-mariadb versions prior to 1.5.1-beta11 langchain4j-mariadb versions prior to 1.11.8-beta19 langchain4j-mariadb versions prior to 1.16.3-beta26 langchain4j-pgvector versions prior to...
PT-2026-50582
Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...
EUVD-2026-37129
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability
Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...
CVE-2026-8484
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
EUVD-2026-37064
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes DoS. All versions are believed to be vulnerable. This project is unmaintained at...
CVE-2026-8484
The CVE-2026-8484 entry describes a heap buffer overflow in the Jansi JNI"ioctl()" wrapper caused by missing size verification of the argument array before the system call. Affected software is Jansi (JNI wrapper) and, per sources, all versions are believed vulnerable. Consequences stated are hea...
CVE-2026-46716
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...
Malicious Package
Overview ecto-nightly-spirit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview spl-token-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...