171 matches found
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...
CVE-2026-0603
CVE-2026-0603: A second-order SQL injection vulnerability in Hibernate Core via the InlineIdsOrClauseBuilder allows a remote attacker with low privileges to craft non-alphanumeric IDs to read sensitive data (e.g., system files) and manipulate or delete data, causing an application-level denial o...
SQL Injection
Overview: org.hibernate:hibernate-core is a library providing Object/Relational Mapping (ORM) support to applications, libraries, and frameworks. Affected versions of this package are vulnerable to SQL Injection via the InlineIdsOrClauseBuilder component when unsanitized non-alphanumeric characters...
EUVD-2010-3719
Malware in sbrugna...
EUVD-2020-21289
Malware in sbrugna...
EUVD-2006-6949
Malware in sbrugna...
EUVD-2007-5392
Malware in sbrugna...
EUVD-2022-7482
Malicious code in bioql PyPI...
MINI-MF57-34HR-88HM
Bulletin has no description...
CVE-2025-24803 Stored Cross-Site Scripting (XSS) in MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, a bundle ID must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and...
Exploit for CVE-2024-9162
CVE-2024-9162 All-in-One WP Migration and Backup SELECT op...
CGA-Q6XM-FH5W-65WH
Bulletin has no description...
BIT-DISCOURSE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
GHSA-2FC9-XPP8-2G9H
creationtimestamp | type | source
---|---|---
2024-02-23 19:16:50+00:00 | seen | https://t.me/ctinow/192065...
CVE-2023-48658
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space...
Design/Logic Flaw
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space...
MISP Security Vulnerabilities
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics with features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.176, which stems from the lack...
Design/Logic Flaw
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...
CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...