5122 matches found
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...
CVE-2026-52888
NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...
MINI-PQ7G-23V6-MCRJ
Bulletin has no description...
MINI-55HP-3W67-PXVW
Bulletin has no description...
CVE-2026-49795
creationtimestamp| type| source ---|---|--- 2026-07-14 19:01:51+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0231 2026-07-14 22:03:59+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:35+00:00| exploited|...
CVE-2026-54992
creationtimestamp| type| source ---|---|--- 2026-07-14 19:01:41+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0231 2026-07-14 22:02:12+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-14 23:00:36+00:00| exploited|...
CVE-2026-56155
creationtimestamp| type| source ---|---|--- 2026-07-14 18:00:28+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3d723813-809e-42df-ae57-9da291055398 2026-07-14 18:20:36+00:00| seen| https://bsky.app/profile/cvesentinel.bsky.social/post/3mqmt3ncdul23...
CVE-2026-15410
creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 20:00:01+00:00| exploited|...
CVE-2026-15409
creationtimestamp| type| source ---|---|--- 2026-07-14 17:48:47+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mqmrct2poa2b 2026-07-14 18:59:52+00:00| seen| https://bsky.app/profile/hapsis.bsky.social/post/3mqmvbuce4c2u 2026-07-14 19:00:30+00:00| exploited|...
CVE-2026-62390
Apache Kylin vulnerability CVE-2026-62390 is a SQL Injection flaw in the Catalog Cache Refresh API. Affected versions are 4 through 5.0.3; upgrading to 5.0.4 fixes the issue. The issue arises from improper neutralization of special elements in SQL commands used by the backend API that refreshes t...
PT-2026-57979
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An OS Command Injection issue exists where a backend API allows job configuration parameters to be passed directly to the OS command line without proper neutralization of special elements. OS...
PT-2026-57978
Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An SQL Injection issue exists where improper neutralization of special elements used in an SQL command occurs. This happens when a backend API refreshes the table catalog, which may lead to the...
MINI-J94F-RM4Q-6F3X
Bulletin has no description...
MINI-MM77-3CVM-MHF4
Bulletin has no description...
MINI-XR9P-79PW-9GR4
Bulletin has no description...
MINI-28GV-QG6P-6PR7
Bulletin has no description...
MINI-J668-RPWG-48R9
Bulletin has no description...
MINI-WCCQ-R38P-HJ92
Bulletin has no description...
How GitHub gave every repository a durable owner
GitHub has over 14,000 repositories across our primary internal GitHub organization. As of early 2025, there were over 11,000 non-archived repositories, the vast majority of which with no clear owner. For repositories attached to production services, we have historically had robust durable...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.
Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...