EUVD-2026-20515

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server...

CVE-2025-14815 Information Disclosure, Tampering, and Denial-of-Service Vulnerabilities in GENESIS64, ICONICS Suite, MobileHMI, Hyper Historian, AnalytiX, GENESIS, and MC Works64

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and...

SUSE CVE-2026-33906

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...

CVE-2026-33906

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...

CVE-2026-33906 Ella Core has Privilege Escalation via Database Restore by NetworkManager role

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, the NetworkManager role was granted backup and restore permission. The restore endpoint accepted any valid SQLite file without verifying its contents. A NetworkManager could replace the production database with a tamper...

CVE-2026-27510 Unitree Go2 Mobile Program Tampering Enables Root RCE

Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...

PT-2026-5966

Name of the Vulnerable Software and Affected Versions ExpressTech Systems Quiz And Survey Master versions through 10.3.1 Description A flaw exists in ExpressTech Systems Quiz And Survey Master that allows for SQL Injection. The issue impacts approximately 40,000 WordPress sites globally. A...

AzuraCast 安全漏洞

AzuraCast is a simple self-hosted webcast management suite from AzuraCast, Inc. A security vulnerability exists in AzuraCast version 0.23.1, which stems from the incorrect inclusion of an API endpoint for internal use only, which could lead to tampering with database contents...

Men Salon Management System /admin/edit-services.php File SQL Injection Vulnerability

Men Salon Management System a men's salon management system. The Men Salon Management System suffers from an SQL injection vulnerability that stems from a lack of proper validation and cleanup of inputs to the cost parameter in the /admin/edit-services.php file. An attacker could exploit this...

Unspecified Vulnerability in Emlog (CNVD-2023-9918065)

emlog is a PHP and MySQL based CMS builder for emlog personal developers. Emlog pro2.1.14 version of a security vulnerability, the vulnerability stems from the uid parameter in /admin/media.php contains SQL injection vulnerability. Attackers can use this vulnerability to gain unauthorized access ...

CVE-2023-42552

Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...

CVE-2023-42552

Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...

Design/Logic Flaw

Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...

CVE-2023-42552

Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...

PT-2023-28420 · Google · Android 12 +2

Name of the Vulnerable Software and Affected Versions: Firewall application versions prior to 12.1.00.24 in Android 11 Firewall application versions prior to 13.1.00.16 in Android 12 Firewall application versions prior to 14.1.00.7 in Android 13 Description: The issue allows a 3rd party applicati...

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices due to an implicit intent hijacking vulnerability in the Firewall application module. The vulnerabili...

CVE-2023-29722

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker cou...

IIBM Kenexa LMS on Cloud SQL Injection Vulnerability

IBM Kenexa LCMS Premier is a product of IBM Corporation, USA. A SQL injection vulnerability exists in IBM Kenexa LMS cloude version 5.2, which can be exploited by an attacker to compromise an application, either by accessing and modifying data, or by tampering with a database...