Lucene search
K

671 matches found

Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24913

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu contact lead form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS5.8AI score0.00338EPSS
Exploits0References10
Snyk
Snyk
added 2026/03/04 6:25 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the columns parameter in the Express Entry List block configuration. An attacker can execute arbitrary code on the server by injecting crafted serialized data that is later processed without proper...

8.9CVSS6.1AI score0.00605EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/04 3:31 a.m.6 views

EUVD-2026-9356

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

8.9CVSS6AI score0.00605EPSS
Exploits0References3
NVD
NVD
added 2026/03/04 2:15 a.m.19 views

CVE-2026-3452

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

8.9CVSS0.00605EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 1:49 a.m.15 views

CVE-2026-3452

Concrete CMS versions below 9.4.8 are vulnerable to Remote Code Execution via stored PHP object injection in the Express Entry List block, using the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed ...

8.9CVSS6AI score0.00605EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.11 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...

8.9CVSS6.1AI score0.00605EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.11 views

PT-2026-22863

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

8.9CVSS6AI score0.00605EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2026/02/25 5:19 a.m.10 views

K000160142: PostgreSQL vulnerability CVE-2021-20229

Security Advisory Description A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. CVE-2021-20229 Impact...

4.3CVSS5.6AI score0.01466EPSS
Exploits0
CVE
CVE
added 2026/02/24 2:3 a.m.40 views

CVE-2026-26198

CVE-2026-26198 — ormar (Python async ORM) is affected in versions 0.9.9 through 0.22.0. The vulnerability arises in aggregate queries where the ORM passes user-supplied column names directly into sqlalch emy.text() without validation for min() and max(), allowing attacker-controlled strings to be...

9.8CVSS5.8AI score0.00915EPSS
Exploits2References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/14 12:23 a.m.6 views

SUSE CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References3
NVD
NVD
added 2026/02/12 9:16 p.m.7 views

CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

9.8CVSS0.0056EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/12 8:56 p.m.3 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the columns output mode, which renders string fields from eBPF events to the terminal without sanitizing control characters or ANSI escape sequences. An attacker can manipulate terminal behavior or display by...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References2
OSV
OSV
added 2026/02/12 8:6 p.m.6 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS
Exploits1References5
CVE
CVE
added 2026/02/12 8:6 p.m.17 views

CVE-2026-25996

CVE-2026-25996 affects Inspektor Gadget. The vulnerability arises because string fields from eBPF events in the columns output mode are rendered to the terminal without sanitizing control characters or ANSI escape sequences, enabling injection via crafted event payloads. Affected surface includes...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/12 8:6 p.m.5 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/12 8:6 p.m.5 views

CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/12 8:6 p.m.30 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS0.0056EPSS
Exploits1References3
CNVD
CNVD
added 2026/02/11 12:0 a.m.3 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14679)

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from a possible server crash whe...

7.5CVSS6.9AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 9:4 p.m.6 views

EUVD-2026-5571

Payload is a free and open source headless content management system. Prior to 3.74.0, a cross-collection Insecure Direct Object Reference IDOR vulnerability exists in the payload-preferences internal collection. In multi-auth collection environments using Postgres or SQLite with default...

5.4CVSS5.3AI score0.00193EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

IBM DB2 Multiple Vulnerabilities (7257697, 7257698) (Unix)

According to its self-reported version number, IBM Db2 on Unix may be affected by a multiple vulnerabilities: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References4
Rows per page
Query Builder