19145 matches found

EUVD
added 2026/01/28 11:32 p.m. | 7 views

EUVD-2026-4979

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to...

6.5 CVSS | 5.8 AI score | 0.0037 EPSS
Exploits 1 | References 6
Cvelist
added 2026/01/28 11:2 p.m. | 26 views

CVE-2026-1549 jishenghua jshERP PluginController uploadPluginConfigFile path traversal

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...

5.3 CVSS | 0.00467 EPSS
Exploits 1 | References 6
RedhatCVE
added 2026/01/28 9:16 p.m. | 6 views

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9 CVSS | 5.9 AI score | 0.00516 EPSS
Exploits 1 | References 1
OSV
added 2026/01/28 6:16 p.m. | 4 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

7.5 CVSS | 5.8 AI score | 0.00282 EPSS
Exploits 1 | References 3
NVD
added 2026/01/28 6:16 p.m. | 4 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8 CVSS | 0.00282 EPSS
Exploits 1 | References 3
Cvelist
added 2026/01/28 5:35 p.m. | 31 views

CVE-2020-36972 SmartBlog 2.0.1 - 'id_post' Blind SQL injection

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8 CVSS | 0.00282 EPSS
Exploits 1 | References 3
CVE
added 2026/01/28 5:35 p.m. | 10 views

CVE-2020-36972

CVE-2020-36972 affects SmartBlog 2.0.1. The details controller’s id_post parameter is vulnerable to blind SQL injection, allowing an attacker to extract database information by character-by-character comparison via crafted SQL queries. This is the core vulnerability described across multiple sour...

8.8 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2026/01/28 5:35 p.m. | 6 views

EUVD-2020-30879

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2026/01/28 5:35 p.m. | 3 views

CVE-2020-36972

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...

8.8 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 1 | References 3 | Affected Software 1
RedHat Linux
added 2026/01/28 5:34 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.9 CVSS | 6.8 AI score | 0.02106 EPSS
Exploits 2 | References 8
RedHat Linux
added 2026/01/28 3:32 p.m. | 9 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.9 CVSS | 6.8 AI score | 0.02106 EPSS
Exploits 2 | References 7
NVD
added 2026/01/28 1:15 p.m. | 6 views

CVE-2020-36987

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

8.5 CVSS | 0.00157 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/01/28 12:29 p.m. | 4 views

CVE-2020-36987 Program Access Controller v1.2.0.0 - 'PACService.exe' Unquoted Service Path

Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSyste...

8.5 CVSS | 6.1 AI score | 0.00157 EPSS
Exploits 0 | References 3
CVE
added 2026/01/28 12:29 p.m. | 8 views

CVE-2020-36987

CVE-2020-36987 affects Program Access Controller 1.2.0.0. The unquoted service path vulnerability is in PACService.exe and can be triggered during system startup or reboot to inject and run malicious executables with LocalSystem privileges. Root cause: unquoted service path allowing privilege esc...

8.5 CVSS | 6.1 AI score | 0.00157 EPSS
Exploits 0 | References 3
RedHat Linux
added 2026/01/28 12:38 a.m. | 2 views

kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux kernel, occurring if kvm_arch_vcpu_create fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

7.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 5
Positive Technologies
added 2026/01/28 12:0 a.m. | 7 views

PT-2026-5238

A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to...

6.5 CVSS | 5.8 AI score | 0.0037 EPSS
Exploits 1 | References 7
CNNVD
added 2026/01/28 12:0 a.m. | 6 views

SmartBlog security vulnerabilities

SmartBlog is a blog module developed by Muhammad Arifur Rahman. Version 2.0.1 of SmartBlog has a security vulnerability, which stems from blind SQL injection in the details controller’s id_post parameter, potentially allowing access to database information...

8.8 CVSS | 5.8 AI score | 0.00282 EPSS
Exploits 1 | References 3
CNNVD
added 2026/01/28 12:0 a.m. | 7 views

Gear Box Computers Program Access Controller code-related vulnerabilities

Gear Box Computers Program Access Controller is a program access controller developed by Gear Box Computers. Version 1.2.0.0 of the Gear Box Computers Program Access Controller contains a code vulnerability. This vulnerability stems from the PACService.exe file having a service path that is not...

8.5 CVSS | 5.9 AI score | 0.00157 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/01/28 12:0 a.m. | 4 views

PT-2026-5163

Name of the Vulnerable Software and Affected Versions: SmartBlog version 2.0.1. Description: The software contains a blind SQL injection issue in the id_post parameter of the details controller. This allows attackers to extract database information by injecting crafted SQL queries that compare...

8.8 CVSS | 5.6 AI score | 0.00282 EPSS
Exploits 1 | References 5
Github Security Blog
added 2026/01/27 6:1 p.m. | 17 views

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Summary: A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...

9.9 CVSS | 6 AI score | 0.00516 EPSS
Exploits 1 | References 5 | Affected Software 1