CVE-2026-42086

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

EUVD-2026-26676

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

RHEL 10 : postgresql16 (RHSA-2026:3887)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3887 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that...

UBUNTU-CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVE-2025-52856 VioStor

An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later...

The Application of Transformer-Based Models for Predicting Consequences of Cyber Attacks

Cyberattacks are increasing, and securing against such threats is costing industries billions of dollars annually. Threat Modeling, that is, comprehending the consequences of these attacks, can provide critical support to cybersecurity professionals, enabling them to take timely action and alloca...

EU Digital Regulation and Guatemala: AI, 5G, and Cybersecurity

The paper examines how EU rules in AI, 5G, and cybersecurity operate as transnational governance and shape policy in Guatemala. It outlines the AI Act's risk approach, the 5G Action Plan and Security Toolbox, and the cybersecurity regime built on ENISA, NIS2, the Cybersecurity Act, and the Cyber...

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the response.writeHead function. An attacker can manipulate HTTP response headers by passing an array to this function, potentially leading to unintended disclosure or modification of header...

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the response.writeHead function. An attacker can manipulate HTTP response headers by passing an array to this function, potentially leading to unintended disclosure or modification of header...

datatables.net: contents of array not escaped by HTML escape entities function

An improper neutralization of input vulnerability was found in datatables.net. If an array is passed to the HTML escape entities function, it does not have its contents escaped, possibly leading to cross site scripting XSS...

datatables.net: contents of array not escaped by HTML escape entities function

An improper neutralization of input vulnerability was found in datatables.net. If an array is passed to the HTML escape entities function, it does not have its contents escaped, possibly leading to cross site scripting XSS...

PT-2024-40356 · Unknown · Laravel Framework

Name of the Vulnerable Software and Affected Versions: Laravel Framework affected versions not specified Description: The issue arises when a field, normally a non-array value, is crafted as an array in a request and this input is not validated or cast to its expected type before being passed to...

OESA-2023-1885 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

GHSA-HHG2-G6H6-C266 Yii SQL injection vulnerability

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...

Type confusion

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...

UBUNTU-CVE-2021-23472

This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...

Cross-site Scripting (XSS)

Overview bootstrap-table is an extended table to integration with some of the most widely used CSS frameworks. Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

Cross-site Scripting (XSS)

Overview teddy is a The most readable and easy to learn templating language there is! Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string. PoC...

mpath module 安全漏洞

The mpath module is a module for getting/setting the value of a javascript object using a path representation similar to MongoDB. A security vulnerability exists in mpath module before 0.8.4, which stems from type confusion, where if the input is an array, the method called is...