MiracleLinux 9 : nginx-1.20.1-24.el9_7.1.ML.1 (AXSA:2026-364:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-364:01 advisory. nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 Tenable has extracted the preceding description block...

CVE-2025-62139 WordPress Terms descriptions plugin <= 3.4.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a through 3.4.9...

EUVD-2018-2894

Malware in sbrugna...

EUVD-2023-33263

Malicious code in bioql PyPI...

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

CVE-2022-37933

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware...

CVE-2024-32077

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

PT-2023-22375 · Google · Android

Name of the Vulnerable Software and Affected Versions: Glitter Unicorn Wallpaper app for Android versions 7.0 through 8.0 Description: The issue allows unauthorized applications to inject data into the database that stores user personal preferences, which can be loaded into memory and used when t...

CVE-2023-29726

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, t...

MGASA-2014-0191 Updated ruby-rails and associated packages fix multiple vulnerabilities

Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended CVE-2014-0080. There is an XSS vulnerability in th...

AST-2010-002: Dialplan injection vulnerability

Asterisk Project Security Advisory - AST-2010-002 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Dialplan injection vulnerability |...

CVE-2009-3796

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."...

CVE-2009-3796

Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 are affected by CVE-2009-3796 (data injection vulnerability) that could allow remote code execution via unspecified vectors. Red Hat advisories RHSA-2009:1657/1658 and related summaries indicate upgrading Flash to 10.0.42.34 as remed...