192244 matches found
Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...
CVE-2026-5470 mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protoc...
CVE-2026-5469
CVE-2026-5469 affects Casdoor version 2.356.0, specifically the Webhook URL Handler component. A crafted manipulation can induce a server-side request forgery (SSRF) and is reportable remotely. The vulnerability involves unknown code within the Webhook URL Handler and, per disclosures, the vendor...
CVE-2026-5468
A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...
JLSEC-2026-30
A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
JLSEC-2026-49
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses...
JLSEC-2026-47
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
JLSEC-2026-46
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
CVE-2026-33533
A flaw was found in Glances, an open-source system monitoring tool. The Glances XML-RPC server, when activated, sends a wildcard Access-Control-Allow-Origin header and does not validate the Content-Type header. This allows a remote attacker to craft a malicious webpage that can issue a Cross-Orig...
EUVD-2026-18603
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...
EUVD-2026-18605
A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/aligntech/myinvisalign/BuildConfig.java of the component com.aligntech.myinvisalign.emea. The manipulation of the argument CDAACCESSTOKEN leads to us...
EUVD-2026-18607
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...
EUVD-2026-18611
A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...
CVE-2026-5458
A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...
CVE-2026-5458
A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/antelop/BuildConfig.java of the component com.afone.noelse. This manipulation of the argument SEGMENTWRITEKEY causes use of hard-coded cryptographic...
EUVD-2026-18597
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...
CVE-2026-5457 PropertyGuru AgentNet Singapore App com.allproperty.android.agentnet BuildConfig.java hard-coded key
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com/allproperty/android/agentnet/BuildConfig.java of the component com.allproperty.android.agentnet. The manipulation of the argument...
attack-executor (>=0.2.1 <=0.2.8), attackmate (>=0.0.0 <=0.6.0) +11 more potentially affected by CVE-2026-5463 via pymetasploit3 (>=1.0.5 <=1.0.6)
pymetasploit3 PYPI version =1.0.5, =0.2.1, =0.0.0, =0.4.84, =0.0.8, =1.0.0, =1.0.0, =0.0.0, =3.7.0, =0.1.0, =0.1.0, =0.1.2 - raven-vapt =0.1.0 - vulnheist =0.0.1 Source cves: CVE-2026-5463 Source advisory: SNYK:PYTHON-PYMETASPLOIT3-16072994...
CVE-2026-5453
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENTWRITEKEY leads ...
EUVD-2026-18570
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length...