17 matches found
PT-2026-45592
In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
SQL Injection
Overview agno is an Agno: a lightweight library for building Multi-Agent Systems Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...
CVE-2026-42303
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...
PT-2026-37261
Name of the Vulnerable Software and Affected Versions Fides versions 2.75.0 through 2.83.1 Description Deployments that enable both subject identity verification and duplicate privacy request detection are susceptible to an issue where an administrator can approve a privacy request without the...
Symfony Process Component < 5.4.51 / 6.4.x < 6.4.33 / 7.3.x < 7.3.11 / 7.4.x < 7.4.5 / 8.0.x < 8.0.5 Argument Injection (GHSA-r39x-jcww-82v6)
The version of Symfony Process Component installed on the remote host is prior to 5.4.51, or 6.4.x prior to 6.4.33, or 7.3.x prior to 7.3.11, or 7.4.x prior to 7.4.5, or 8.0.x prior to 8.0.5. It is, therefore, affected by an argument injection vulnerability. The Symfony Process component did not...
WordPress plugin Bookingor has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2025-52540
Name of the Vulnerable Software and Affected Versions WP DB Booster plugin versions up to and including 1.0.1 Description The WP DB Booster plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on the cleanup all AJAX action. An...
CVE-2025-43381
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data...
PT-2025-50984
Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.1 Description The software addresses an issue with improper handling of symlinks, which could allow a malicious application to delete protected user data. Recommendations Update to macOS Tahoe 26.1...
PT-2025-43590
Name of the Vulnerable Software and Affected Versions Originality.ai AI Checker plugin for WordPress versions through 1.0.12 Description The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the ai scan result...
EUVD-2021-11702
Malware in sbrugna...
EUVD-2024-32185
Malicious code in bioql PyPI...
CVE-2025-46576
There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content...
PT-2025-5598 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12 Description: A SQL Injection vulnerability was discovered in the WeGIA application, salvar cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...
The vulnerability of the BD Synapsys software lies in its incorrect session duration, which allows a perpetrator to gain access, modify, or delete confidential information.
The vulnerability of the BD Synapsys software lies in the incorrect duration of a session. Exploiting this vulnerability can allow an attacker to gain access, modify, or delete confidential information...
CVE-2021-21731
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects:...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability of the content/browser/webcontents/webcontentsimpl.cc function in Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause service interruptions or other effects by initiating the loading of images after data of...