21 matches found
CVE-2026-7191
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
CVE-2026-31857
CVE-2026-31857 (CraftCMS) : A Remote Code Execution vulnerability exists in Craft CMS before versions 5.9.9 and 4.17.4 in the control panel via the BaseElementSelectConditionRule::getElementIds() path. User-controlled input is passed to renderObjectTemplate() (unsandboxed Twig with escaping disab...
CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
CVE-2026-31857 CraftCMS has an RCE vulnerability via relational conditionals in the control panel
Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig...
EUVD-2026-11257
CraftCMS has an RCE vulnerability via relational conditionals in the control panel...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgraded to 14.20: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgraded to 15.15: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Security update for postgresql13
This update for postgresql13 fixes the following issues: Upgraded to 13.23: CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: Use...
Malicious code in react-jsonschema-form-conditionals (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19f7a4179b84b6488bf56a9222c451acb93c74cf52d5a8c021ae3f42599e289d Any computer that has this package installed or running should be considered fully compromised. All...
@bubbles-ui/leemons (>=1.0.0 <=1.2.277), @imtf/rjsf-conditionals (=5.0.3) +3 more potentially affected by unknown CVE via json-rules-engine-simplified (>=0.1.17 <=0.2.0)
json-rules-engine-simplified NPM version =0.1.17, =1.0.0, =0.1.0, =0.1.17, =0.1.1, =0.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-JSONRULESENGINESIMPLIFIED-12704864...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
CVE-2025-48828
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) flaw in the ajax/api/ad/replaceAdTemplate endpoint caused by improper use of PHP’s Reflection API. An unauthenticated attacker can inject a crafted template (eg, using vb:if with code via passthru($POST[...])) and trigge...
EUVD-2025-28268
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and execute...
VulnCheck KEV: CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "vardump""test" syntax, attackers can bypass security checks and...
Misuse of a Boolean constant
Lines of code Vulnerability details Impact Use of Boolean constants true/false in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses in complex expressions, as conditionals indicate either an error or, most likely, the persistence of faulty...
Fingerprinting the author of the ZeuS Botnet!
The source code of the ZeuS Botnet is now available for download. Derek Jones, the author of this article, imagines there are a few organizations who would like to talk to the authors of this code. All developers have coding habits, that is, they usually have a particular way of writing each coding...