57 matches found
Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
Oracle Coherence 15.1.1.0.x < 15.1.1.0.3 Multiple Vulnerabilities (June 2026 CPU)
The 15.1.1.0.0 version of Coherence installed on the remote host is affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. The supported version that is...
Securly Chrome Extension 安全漏洞
Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from multiple exposed endpoints allowing unauthoriz...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the gettokenizer function in the...
PT-2026-24120
Name of the Vulnerable Software and Affected Versions Misskey versions 8.45.0 through 2026.3.0 Description Misskey, an open source, federated social media platform, has an issue where insufficient permission checks and proper input validation can allow unauthorized access to data. This can occur...
CVE-2026-21622
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
CVE-2026-21622 Password Reset Tokens Do Not Expire
Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...
PT-2026-20232
Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description The software reveals sensitive information within an environment variable. This disclosure could potentially assist in subsequent attacks against the system. Recommendatio...
CVE-2025-31995
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc...
EUVD-2017-12470
Malware in sbrugna...
EUVD-2014-7318
Malware in sbrugna...
EUVD-2021-16643
Malware in sbrugna...
EUVD-2019-13946
Malware in sbrugna...
EUVD-2020-5828
Malware in sbrugna...
EUVD-2017-1833
Malware in sbrugna...
EUVD-2024-44134
Malicious code in bioql PyPI...
EUVD-2025-16939
Malicious code in bioql PyPI...
EUVD-2022-33748
Malicious code in bioql PyPI...
EUVD-2024-19875
Malicious code in bioql PyPI...
Unitree多款产品 安全漏洞
Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree Go2 is a robot dog, Unitree G1 is a humanoid robot, Unitree H1 is a humanoid robot, Unitree H1 is a humanoid robot. A security vulnerability exists in several Unitree products that stems from the u...