10 matches found
CVE-2026-32687
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
GHSA-P5C5-GMJ4-G48F Cross-Site Scripting (XSS) vulnerability in typolinks
All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...
Cross-Site Scripting (XSS) vulnerability in typolinks
All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...
SUSE CVE-2017-16943
The receivemsg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service use-after-free via vectors involving BDAT commands...
pacemaker bug fix and enhancement update
An update is available for pacemaker. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Pacemaker cluster resource manager is a collection of technologies...
ALBA-2021:3578 pacemaker bug fix and enhancement update
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Bug Fixes and Enhancements: pacemaker seems to end up in an unfence loop BZ1972273 On a three-node cluster if two nodes are...
pacemaker bug fix and enhancement update
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Bug Fixes and Enhancements: pacemaker seems to end up in an unfence loop BZ1972273 On a three-node cluster if two nodes are...
Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)
It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash character...
Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies
Hi people, Issue: Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies. I first found this sometime in 1996 can't remember exact date- long time ago : , and notified the relevant firewall vendor. After about 4 generations it's still not fixed i...