Lucene search

82 matches found

OSV
added 2026/04/03 1:27 p.m., 2 views

JLSEC-2026-47

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

CVSS 5.4, AI score 6.6, EPSS 0.01099
Exploits: 0, References: 3
OSV
added 2026/03/03 8:43 a.m., 2 views

BIT-KIBANA-2026-26937 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

CVSS 7.5, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 2
RedhatCVE
added 2026/02/27 7:45 p.m., 3 views

CVE-2026-26937

Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead to Denial of Service via Input Data Manipulation (CAPEC-153)...

CVSS 7.5, AI score 5.9, EPSS 0.00065
Exploits: 0, References: 1
Packet Storm News
added 2025/08/06 12:00 a.m., 1 view

Attack Pattern Mining to Discover Hidden Threats to Industrial Control Systems

This work focuses on validation of attack pattern mining in the context of Industrial Control System (ICS) security. A comprehensive security assessment of an ICS requires generating a large variety of attack patterns. For this purpose we have proposed a data-driven technique to generate attack...

AI score 6.8
Exploits: 0
OSV
added 2023/12/13 1:32 p.m., 18 views

GHSA-FF5X-7QG5-VWF2 Denial of service caused by infinite recursion when parsing SVG document

Summary When parsing the attributes passed to a use tag inside an svg document, we can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. Details...

CVSS 5.3, AI score 7.4, EPSS 0.00265
Exploits: 1, References: 4
Prion
added 2023/12/12 9:15 p.m., 18 views

Design/Logic Flaw

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a use tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the...

CVSS 5, AI score 7, EPSS 0.00265
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2023/10/23 7:15 a.m., 65 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 2
Tenable Nessus
added 2023/10/19 12:00 a.m., 52 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (f923205f-6e66-11ee-85eb-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f923205f-6e66-11ee-85eb-84a93843eb75 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP...

CVSS 7.5, AI score 7.4, EPSS 0.59544
Exploits: 1, References: 5
Packet Storm
added 2021/06/16 12:00 a.m., 191 views

Cotonti Siena 0.9.19 Cross Site Scripting

Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...

AI score 0.1
Exploits: 0
0day.today
added 2021/05/17 12:00 a.m., 159 views

Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...

AI score 0.1
Exploits: 0
Packet Storm
added 2020/04/27 12:00 a.m., 111 views

Geeklog 2.2.1 Cross Site Scripting

Information: Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Geeklog Affected Software: Geeklog Affected Versions: 2.2.1 Vendor Homepage: https://www.geeklog.net/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4...

AI score 7.4
Exploits: 0
Packet Storm
added 2019/12/29 12:00 a.m., 126 views

Cera Intranet Community Theme 1.0.1 SQL Injection

Exploit Title: cera-intranet-community-theme SQL Inj. Dork: N/A Date: 29-12-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://themeforest.net/item/cera-intranet-community-theme/24872621 Softwar...

AI score 0.6
Exploits: 0
Packet Storm
added 2019/10/11 12:00 a.m., 214 views

Openfire 4.4.1 Cross Site Scripting

Information: Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Openfire 4.4.1 Affected Software: Openfire Affected Versions: 4.4.1 Vendor Homepage: https://www.igniterealtime.org/ Vulnerability Type: Cross-site Scripting Severity: Medium Status: Fix...

AI score 7.4
Exploits: 0
PostgreSQL
added 2019/08/08 12:00 a.m., 92 views

Vulnerability in core server (CVE-2019-10208)

TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. Given a suitable SECURITY DEFINER function, an attacker can execute arbitrary SQL under the identity of the function owner. An attack requires EXECUTE permission on the function, which must itself contain a function call havi...

CVSS 8.8, AI score 8.5, EPSS 0.00197
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2019/07/05 12:00 a.m., 25 views

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion

Karenderia Multiple Restaurant System 5.3 - Local File Inclusion. Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...

AI score 0.5
Exploits: 0
0day.today
added 2019/07/02 12:00 a.m., 106 views

Varient 1.6.1 - SQL Injection Vulnerability

Exploit for multiple platform in category web applications. Exploit Title: Varient 1.6.1 SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...

AI score 0.3
Exploits: 0
Packet Storm
added 2019/07/01 12:00 a.m., 78 views

Premier Ilan Scripti 1 SQL Injection

Exploit Title: Premier Ilan Scripti - "id" SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://v1.ilanscripti.org/ Software Link: http://v1.ilanscripti.org/ Version:...

AI score 0.8
Exploits: 0
exploitpack
added 2019/07/01 12:00 a.m., 21 views

Varient 1.6.1 - SQL Injection

Varient 1.6.1 - SQL Injection. Exploit Title: Varient 1.6.1 SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...

AI score 0.6
Exploits: 0
Exploit DB
added 2019/07/01 12:00 a.m., 85 views

CiuisCRM 1.6 - 'eventType' SQL Injection

Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Dork: N/A Date: 27-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage: https://codecanyon.net/item/ciuis-crm/20473489 Software Link:...

AI score 7.4
Exploits: 0
Exploit DB
added 2019/07/01 12:00 a.m., 85 views

Varient 1.6.1 - SQL Injection

Exploit Title: Varient 1.6.1 SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link: https://varient.codingest.com/ Version: v1.6....

AI score 7.4
Exploits: 0