1407 matches found
EUVD-2018-21908
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...
PT-2026-44864
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...
CVE-2026-46359
CVE-2026-46359 (phpMyFAQ) affects phpMyFAQ prior to 4.1.2. A SQL injection exists in CurrentUser::setTokenData, allowing authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or J...
PT-2026-41361
phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break...
CVE-2026-34660
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...
EUVD-2026-29620
Substance3D - Painter versions 12.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
APSB26-52 : Security update available for Adobe Substance 3D Designer
Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user...
ROS-20260429-73-0039
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0021
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0033
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of the specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0037
A vulnerability in the Intarray extension selectivity evaluation function of the PostgreSQL database management system is related to insufficient validation of a specified input data type. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the...
ROS-20260429-73-0020
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0017
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
ROS-20260429-73-0018
A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...
Powershell Profile Persistence
This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...
Adobe Framemaker Type Obfuscation Vulnerability
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A type confusion vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrar...
Powershell Profile Persistence
This Metasploit module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean...
Adobe Photoshop Installer 安全漏洞
Adobe Photoshop Installer is a installation program for the image editing software Adobe Photoshop. The Adobe Photoshop Installer has a security vulnerability, which stems from uncontrolled search path elements, potentially allowing arbitrary code to be executed in the current user environment...
Adobe Framemaker Numeric Error Vulnerability (CNVD-2026-19995)
Adobe Framemaker is a professional desktop publishing software for creating and editing large technical documents. A numeric error vulnerability exists in Adobe Framemaker, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
CVE-2026-27304
ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction...